cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Non Meraki VPN set up - What is 'Remote ID'

Conversationalist

Non Meraki VPN set up - What is 'Remote ID'

I can't find what 'remote ID' is suppose to represent. In the parameters I have :
Name:
Public IP:
Remote ID:
Private subnets:
....
What is the Remote ID?

5 REPLIES 5
Highlighted
Kind of a big deal

Re: Non Meraki VPN set up - What is 'Remote ID'

Uhh... Where did that come from...? That never used to be there. The Non-Meraki VPN's I have set up have that field blank.

Getting noticed

Re: Non Meraki VPN set up - What is 'Remote ID'

Yeah the bigger problem is that ever since they intro'ed that field now Chrome tries to autofill my Meraki username password. If I don't catch it the PSK changes and breaks my VPN.

FIX THIS. YOU STATE CHROME IS THE PREFERRED BROWSER.
Kind of a big deal

Re: Non Meraki VPN set up - What is 'Remote ID'

You'll need to post this into the Chrome community.  Cisco Meraki don't develop Chrome.

https://support.google.com/chrome/community?hl=en 

 

Ideally the feature we want (and a lot of other people want) is to disable autofill on a per domain basis.

 

 

Otherwise this is quite a cool (because it is simple) Chrome extension to do it.

https://superuser.com/questions/523877/can-i-disable-google-chrome-autofill-only-for-localhost 

 

 

Getting noticed

Re: Non Meraki VPN set up - What is 'Remote ID'

I respectfully decline. If Meraki is going to recommend Chrome browser they should not be using form names that ident with username/pw autofill.

Kind of a big deal

Re: Non Meraki VPN set up - What is 'Remote ID'

Haven't noticed that before, must be relatively new.  Remote ID is what the remote system uses to identify itself.  This varies between IKEv1 and IKEv2 - but lets stick with IKEv1.

 

The most commonly used option is "IP Address" - being the IP address configured on the remote devices WAN interface.  If the remote device is behind another device doing NAT then the peer IP address is usually the public IP on the outside of the NAT device and the remote ID is the private IP on the outside of the VPN device.

 

Another option is "dn" for distinguished name.  It is used during certificate authentication.  So not applicable in Meraki world.

 

"hostname" is another option.  This can be popular when the remote site is using a dynamic IP addresses.

 

Some systems support a "key id" for selecting a key.

 

Some vendors probably have some other options.

 

 

Although I said lets ignore IKEv2, IKEv2 also added fqdn and email address as ID options.  I find these much easier to work with.  Every company has an FQDN available to them, and you can easily create dummy email addresses (they don't have to be actual real email addresses) to identify sites, suchs site1@company.com, site2@company.com, etc.

Now you can create much more scalable VPN solutions without having to configure the IP address for each remote branch on the head end.

 

But if you have AutoVPN - you don't have that issue anyway.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.