Meraki - Site to Site VPN with Dynamic Peer

Diajodan
New here

Meraki - Site to Site VPN with Dynamic Peer

We are new to deploying Meraki devices.  I hve a Mx firewall that I am replacing for a client whose prior devie has failed.

 

The prior set up included a site-to-site vpn.  The Meraki side has a static IP address.  The remote side utilizes a device which has a dynamic address.

 

The prior firewall was set to accept connections for a dynamic IP when presented with the appropriate credentials.  I am trying to determine how to configure this on the meraki.

 

Any help would be appreciated.

6 Replies 6
alemabrahao
Kind of a big deal

Are you talking about an Alto VPN or a VPN with a non-meraki peer?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

You can also check the documentation.

 

Site-to-Site VPN Settings - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Diajodan
New here

This is a VPN to a non-meraki peer.  Specifically, and Edge Router.

alemabrahao
Kind of a big deal

It is highly recommended to establish a VPN connection using a static IP address
The only way to deploy dynamic IPs in VPN deployments is if you have DNS (name to IP) entries on some DNS server.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Diajodan
New here

I understand the preference and completely agree.  Your proposed solution would seem to require a DDNS solution on the client which is not going to work in this situation.  Thank you for your input.  I appreciate the clarification.

GreenMan
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star

It sounds to me like you need to set up your non-Meraki VPN to a Fully Qualified Domain Name (QDN) rather than a static IP.   You need to ensure, of course, that the destination is set up for dynamic DNS;   the FQDN needs to resolve to the changed address, when that happens.   https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peerin...  Using a static address would be much more stable / reliable though.

Get notified when there are additional replies to this discussion.