Meraki

Community

Non Meraki VPN set up - What is 'Remote ID'

brad1028
Here to help
‎Nov 27 2019 12:37 PM
‎Nov 27 2019 12:37 PM

Non Meraki VPN set up - What is 'Remote ID'

I can't find what 'remote ID' is suppose to represent. In the parameters I have :
Name:
Public IP:
Remote ID:
Private subnets:
....
What is the Remote ID?

0 Kudos
7 Replies 7
jdsilva
Kind of a big deal
‎Nov 27 2019 1:24 PM
‎Nov 27 2019 1:24 PM

Uhh... Where did that come from...? That never used to be there. The Non-Meraki VPN's I have set up have that field blank.

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to jdsilva
JasonCampbell
Getting noticed
‎Nov 27 2019 1:42 PM
‎Nov 27 2019 1:42 PM

Yeah the bigger problem is that ever since they intro'ed that field now Chrome tries to autofill my Meraki username password. If I don't catch it the PSK changes and breaks my VPN.

FIX THIS. YOU STATE CHROME IS THE PREFERRED BROWSER.
0 Kudos
In response to JasonCampbell
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 27 2019 7:25 PM
‎Nov 27 2019 7:25 PM

You'll need to post this into the Chrome community.  Cisco Meraki don't develop Chrome.

https://support.google.com/chrome/community?hl=en 

 

Ideally the feature we want (and a lot of other people want) is to disable autofill on a per domain basis.

 

 

Otherwise this is quite a cool (because it is simple) Chrome extension to do it.

https://superuser.com/questions/523877/can-i-disable-google-chrome-autofill-only-for-localhost 

 

 

In response to PhilipDAth
JasonCampbell
Getting noticed
‎Nov 27 2019 7:31 PM
‎Nov 27 2019 7:31 PM

I respectfully decline. If Meraki is going to recommend Chrome browser they should not be using form names that ident with username/pw autofill.

0 Kudos
In response to JasonCampbell
BradMorgan
New here
‎Dec 16 2019 11:02 AM
‎Dec 16 2019 11:02 AM

Agree with Jason. This is a Meraki Front end issue.  They should not be using form names that generally autofill.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 28 2019 12:14 AM
‎Nov 28 2019 12:14 AM

Haven't noticed that before, must be relatively new.  Remote ID is what the remote system uses to identify itself.  This varies between IKEv1 and IKEv2 - but lets stick with IKEv1.

 

The most commonly used option is "IP Address" - being the IP address configured on the remote devices WAN interface.  If the remote device is behind another device doing NAT then the peer IP address is usually the public IP on the outside of the NAT device and the remote ID is the private IP on the outside of the VPN device.

 

Another option is "dn" for distinguished name.  It is used during certificate authentication.  So not applicable in Meraki world.

 

"hostname" is another option.  This can be popular when the remote site is using a dynamic IP addresses.

 

Some systems support a "key id" for selecting a key.

 

Some vendors probably have some other options.

 

 

Although I said lets ignore IKEv2, IKEv2 also added fqdn and email address as ID options.  I find these much easier to work with.  Every company has an FQDN available to them, and you can easily create dummy email addresses (they don't have to be actual real email addresses) to identify sites, suchs site1@company.com, site2@company.com, etc.

Now you can create much more scalable VPN solutions without having to configure the IP address for each remote branch on the head end.

 

But if you have AutoVPN - you don't have that issue anyway.

0 Kudos
ScottPR
Here to help
‎Dec 17 2019 10:55 AM
‎Dec 17 2019 10:55 AM

In sonicwalls, there's an identifying string internal to the sonicwall firewall that's used in site-to-site vpns. In the VPN Settings, it would be "Unique Firewall Identifier".

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.