Non-Meraki VPN Peers - Firewall

Solved
nezero
Conversationalist

Hello,

I'm using a "Non-Meraki VPN Peer" as a S2S VPN to a cloud network that is managed by a client. It's all up and running, but I'm wondering how I firewall the connection.

My network can access hosts on the cloud, but I'd like to prevent the cloud network from being able to initiate incoming connections. I just wanted confirmation as to whether or not the default inbound rules apply to these VPN Peers or whether there is another area that needs configuration.


From the Meraki pages and documentation I can't tell if it is covered or not.


4 Replies
alemabrahao
Kind of a big deal
Kind of a big deal

Yup, https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior


I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I may be misreading it, but I think that is referring to the outbound firewall rules, not the inbound ones.

KarstenI
Kind of a big deal
Kind of a big deal

You are facing the most relevant shortcoming of the Meraki MX. For extranet VPNs, you can't control what gets into your network. For customers with more advanced extranet uses, I typically place an ASA/FTD parallel to the MX.

nezero
Conversationalist

Yes, it sounds like you're correct.
