MX Site to Site VPN with SonicWall Firewall

Solved
VIGUPTA3
Here to help

MX Site to Site VPN with SonicWall Firewall

Hello Experts,

I am looking for a help on integrating MX (Hub Site on Customer1) to Sonic Wall(DC Firewall Customer2) Firewall using Site to Site VPN as this is for Merger of two entities.

 

Is there a documentation which has a demonstration to integrate MX with SonicWall using Site to Site VPN?

Any challenges, dependencies or risks while doing it?

Can we do static routing for the subnets on customer 2 side or its done under the "Private Subnets" Section on Meraki MX GUI as given  in below url:

https://www.firewall.cx/security/palo-alto-networks/palo-alto-firewall-meraki-mx-ipsec-vpn-setup.htm...

How do we achieve failover in Meraki if we create two Tunnels from Meraki to Active Sonicwall and Standby Sonicwall Firewall?

Do we need to do some specific config on MX to achieve failover from Primary to secondary tunnel?

Please guide me so that I can plan accordingly.

Thanks

 

 

 

1 Accepted Solution
DAlleman
Meraki Employee
Meraki Employee

1) We do not have any official documentation for creating a VPN with SonicWall. Still, any VPN that is not Meraki to Meraki is configured the same using the Non-Meraki VPN Peers guide.

2) For the MX platform, static routes are used to define subnets accessible through the MX LAN, so you cannot configure static routes over the Non-Meraki VPN. Any local subnet you have enabled on the VPN page of the Meraki dashboard will route to the Customer 2 subnets defined in the private subnet field of the Non-Meraki VPN configuration.

3) @jimmyt234 is correct; This is a tricky process, but it can be achieved: Tag-Based IPsec VPN Failover documentation.

4) I agree with @cmr; a simplified approach is using the Meraki-Auto VPN, which would require installing an MX at both locations. 

If you run into any configuration issues during your setup or need further clarification on the MX VPN capabilities, I suggest opening a support case so we can review your specific configurations and provide solutions.

View solution in original post

4 Replies 4
jimmyt234
Building a reputation

Active/Passive tunnels from MX to non-Meraki peers is tricky, as presumable the remote subnets are going to be the same. There is this documentation where you have to leverage the API and Tags to achieve the desired result, I have never tried this: Tag-Based IPsec VPN Failover - Cisco Meraki Documentation

cmr
Kind of a big deal
Kind of a big deal

Personally I would install an MX at customer 2 site in single ended mode inside the SonicWall.  Then you can use autoVPN.  What is the bandwidth at customer 2's site and what is the expected traffic to traverse the link?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
DAlleman
Meraki Employee
Meraki Employee

1) We do not have any official documentation for creating a VPN with SonicWall. Still, any VPN that is not Meraki to Meraki is configured the same using the Non-Meraki VPN Peers guide.

2) For the MX platform, static routes are used to define subnets accessible through the MX LAN, so you cannot configure static routes over the Non-Meraki VPN. Any local subnet you have enabled on the VPN page of the Meraki dashboard will route to the Customer 2 subnets defined in the private subnet field of the Non-Meraki VPN configuration.

3) @jimmyt234 is correct; This is a tricky process, but it can be achieved: Tag-Based IPsec VPN Failover documentation.

4) I agree with @cmr; a simplified approach is using the Meraki-Auto VPN, which would require installing an MX at both locations. 

If you run into any configuration issues during your setup or need further clarification on the MX VPN capabilities, I suggest opening a support case so we can review your specific configurations and provide solutions.

VIGUPTA3
Here to help

@jimmyt234 @cmr @Dalleman

Thanks for responding.

Conclusion: Failover of Meraki to Non-Meraki IPSec tunnels from Primary to Secondary can be achieved by TAG method mentioned.

Better Option: Install a Meraki behind remote DC in customer 2 premises.

Thanks a lot for your responses.


 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels