Meraki

Community

MX68CW IPSEC to non-Meraki peer, over 4G

Techie
Comes here often
‎Dec 6 2020 9:10 PM
‎Dec 6 2020 9:10 PM

MX68CW IPSEC to non-Meraki peer, over 4G

Hi Everyone,

 

I am going to deploy an MX68CW to a branch office.  They have an NBN FTTC connection that has a static IP.  There is currently an IPSEC VPN tunnel with their current router to a virtual pfSense in the data centre that also has a static IP.  No dramas with this setup.

 

If the Meraki fails over to 4G, can it establish an aggressive mode tunnel to the data centre?  I cannot select between main and aggressive mode types when I add a peer.  And I also know that AutoVPN only works if both sides are Meraki devices.

0 Kudos
1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 6 2020 10:55 PM
‎Dec 6 2020 10:55 PM

That's going to be a pfsense question ...

 

We've done these kinds of configs using StrongSwan but they don't tend to be reliable.  You'll test it 5 times and it will work 4 times.  Then the one time you actually need it to work it doesn't.

 

 

One thing that might help if you use 15.x code is to use IKEv2, and specify a peer identity for pfSense to match on (instead of matching on your public IP address).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.