Meraki

Community

Multiple non Meraki VPN connections

Solved
Trust
Comes here often
‎Nov 17 2023 2:28 AM
‎Nov 17 2023 2:28 AM

Multiple non Meraki VPN connections

Hi,

I want to establish independent non-Meraki VPN connections to the same destination with multiple MX68 devices.

 

Are the Site-to-Site connections configured globally in Meraki and not on each MX itself, right?

 

Do I need to create a separate network tag for each MX, set up a tunnel for each MX, and then assign the individual MX tag to each tunnel?

Thanks

 

Trust_0-1700216829746.png

 

0 Kudos
1 Accepted Solution
JJRiebeling
Meraki Employee
Meraki Employee
‎Nov 21 2023 11:53 AM
‎Nov 21 2023 11:53 AM

Agreeing with PhilipDath's answer. Typically you will be using different tags only if you want any of the PSK, phase-1 or phase-2 settings different for any of the MX68s. If that's the case, you can configure the same peer again and use different settings as you want with the new tag created for those MX68s in the 'availability' section.

View solution in original post

3 Replies 3
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 17 2023 2:43 AM
‎Nov 17 2023 2:43 AM

It is a good idea to create TAGs, otherwise you will try to establish a tunnel with each MX in the organization.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 17 2023 4:31 PM
‎Nov 17 2023 4:31 PM

>Are the Site-to-Site connections configured globally in Meraki and not on each MX itself, right?

 

Correct.

 

>Do I need to create a separate network tag for each MX, set up a tunnel for each MX, and then assign the individual MX tag to each tunnel?

 

Typically you would use a single tag for each destination.  As long as you use the same PSK, phase-1 and phase-2 settings, you can then just apply this one single tag to every MX network that will be connecting to the same destination.

JJRiebeling
Meraki Employee
Meraki Employee
‎Nov 21 2023 11:53 AM
‎Nov 21 2023 11:53 AM

Agreeing with PhilipDath's answer. Typically you will be using different tags only if you want any of the PSK, phase-1 or phase-2 settings different for any of the MX68s. If that's the case, you can configure the same peer again and use different settings as you want with the new tag created for those MX68s in the 'availability' section.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.