Meraki

Community

Meraki - Site to Site VPN with Dynamic Peer

Diajodan
New here
‎Jan 29 2024 7:55 AM
‎Jan 29 2024 7:55 AM

Meraki - Site to Site VPN with Dynamic Peer

We are new to deploying Meraki devices.  I hve a Mx firewall that I am replacing for a client whose prior devie has failed.

 

The prior set up included a site-to-site vpn.  The Meraki side has a static IP address.  The remote side utilizes a device which has a dynamic address.

 

The prior firewall was set to accept connections for a dynamic IP when presented with the appropriate credentials.  I am trying to determine how to configure this on the meraki.

 

Any help would be appreciated.

Labels:
0 Kudos
6 Replies 6
alemabrahao
Kind of a big deal
‎Jan 29 2024 7:58 AM
‎Jan 29 2024 7:58 AM

Are you talking about an Alto VPN or a VPN with a non-meraki peer?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
‎Jan 29 2024 8:03 AM
‎Jan 29 2024 8:03 AM

You can also check the documentation.

 

Site-to-Site VPN Settings - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Diajodan
New here
‎Jan 29 2024 8:03 AM
‎Jan 29 2024 8:03 AM

This is a VPN to a non-meraki peer.  Specifically, and Edge Router.

0 Kudos
In response to Diajodan
alemabrahao
Kind of a big deal
‎Jan 29 2024 8:08 AM
‎Jan 29 2024 8:08 AM

It is highly recommended to establish a VPN connection using a static IP address
The only way to deploy dynamic IPs in VPN deployments is if you have DNS (name to IP) entries on some DNS server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Diajodan
New here
‎Jan 29 2024 8:13 AM
‎Jan 29 2024 8:13 AM

I understand the preference and completely agree.  Your proposed solution would seem to require a DDNS solution on the client which is not going to work in this situation.  Thank you for your input.  I appreciate the clarification.

0 Kudos
GreenMan
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Jan 29 2024 8:16 AM
‎Jan 29 2024 8:16 AM

It sounds to me like you need to set up your non-Meraki VPN to a Fully Qualified Domain Name (QDN) rather than a static IP.   You need to ensure, of course, that the destination is set up for dynamic DNS;   the FQDN needs to resolve to the changed address, when that happens.   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peerin...  Using a static address would be much more stable / reliable though.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.