Non Meraki VPN set up - What is 'Remote ID'

brad1028

I can't find what 'remote ID' is supposed to represent. In the parameters I have:
Name:
Public IP:
Remote ID:
Private subnets:
....
What is the Remote ID?

jdsilva

Uhh... Where did that come from...? That never used to be there. The Non-Meraki VPNs I have set up have that field blank.

JasonCampbell

Yeah, the bigger problem is that ever since they intro'ed that field, Chrome now tries to autofill my Meraki username and password. If I don't catch it, the PSK changes and breaks my VPN.

FIX THIS. YOU STATE CHROME IS THE PREFERRED BROWSER.

PhilipDAth

You'll need to post this into the Chrome community. Cisco Meraki don't develop Chrome.

https://support.google.com/chrome/community?hl=en

Ideally the feature we want (and a lot of other people want) is to disable autofill on a per domain basis.

Otherwise this is quite a cool (because it is simple) Chrome extension to do it.

https://superuser.com/questions/523877/can-i-disable-google-chrome-autofill-only-for-localhost

JasonCampbell

I respectfully decline. If Meraki is going to recommend Chrome browser they should not be using form names that ident with username/pw autofill.

BradMorgan

Agree with Jason. This is a Meraki Front end issue.  They should not be using form names that generally autofill.

PhilipDAth

Haven't noticed that before, must be relatively new. Remote ID is what the remote system uses to identify itself. This varies between IKEv1 and IKEv2 - but let's stick with IKEv1.

The most commonly used option is "IP Address" - being the IP address configured on the remote device's WAN interface. If the remote device is behind another device doing NAT then the peer IP address is usually the public IP on the outside of the NAT device and the remote ID is the private IP on the outside of the VPN device.

Another option is "dn" for distinguished name. It is used during certificate authentication. So not applicable in Meraki world.

"hostname" is another option. This can be popular when the remote site is using a dynamic IP address.

Some systems support a "key id" for selecting a key.

Some vendors probably have some other options.

Although I said let's ignore IKEv2, IKEv2 also added fqdn and email address as ID options. I find these much easier to work with. Every company has an FQDN available to them, and you can easily create dummy email addresses (they don't have to be actual real email addresses) to identify sites, such as site1@company.com, site2@company.com, etc.

Now you can create much more scalable VPN solutions without having to configure the IP address for each remote branch on the head end.

But if you have AutoVPN - you don't have that issue anyway.
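
Added example, not part of the post above and not Meraki code: a Python decoder for the body of an IKEv2 Identification payload (layout and type numbers from RFC 7296 section 3.5), compared against a configured Remote ID. The function names, IP addresses and sample payloads are constructed for illustration; the NAT sample shows the check failing when the Remote ID is set to the peer's public IP and passing when it is set to the private IP the device actually sends.

```python
import ipaddress

# ID types from RFC 7296 section 3.5 (IKEv2 Identification payload).
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 11: "ID_KEY_ID"}

def parse_id_payload(body: bytes):
    """Decode an ID payload body (generic payload header already stripped)."""
    if len(body) < 4:
        raise ValueError("ID payload body must be at least 4 bytes")
    id_type, data = body[0], body[4:]    # bytes 1-3 are reserved
    name = ID_TYPES.get(id_type, f"UNKNOWN({id_type})")
    if id_type in (1, 5):
        if len(data) != (4 if id_type == 1 else 16):
            raise ValueError(f"bad address length for {name}")
        return name, str(ipaddress.ip_address(data))
    if id_type in (2, 3):
        return name, data.decode("ascii")
    return name, data.hex()              # DN / key id: kept as opaque hex here

def check_remote_id(configured: str, body: bytes):
    """Compare the configured Remote ID with the identity the peer sent."""
    name, value = parse_id_payload(body)
    if name in ("ID_IPV4_ADDR", "ID_IPV6_ADDR"):
        try:
            ok = ipaddress.ip_address(configured) == ipaddress.ip_address(value)
        except ValueError:               # configured Remote ID is not an IP
            ok = False
    else:
        ok = configured == value         # exact match is this example's assumption
    return ok, name, value

# Constructed samples: a VPN device behind NAT whose WAN interface holds
# 192.168.1.2 while packets arrive from 203.0.113.10, and an e-mail style ID.
NAT_PEER_PUBLIC_IP = "203.0.113.10"
NAT_PEER_ID = bytes([1, 0, 0, 0]) + ipaddress.ip_address("192.168.1.2").packed
EMAIL_ID = bytes([3, 0, 0, 0]) + b"site1@company.com"

if __name__ == "__main__":
    for remote_id, body in [(NAT_PEER_PUBLIC_IP, NAT_PEER_ID),
                            ("192.168.1.2", NAT_PEER_ID),
                            ("site1@company.com", EMAIL_ID)]:
        ok, name, value = check_remote_id(remote_id, body)
        print(f"configured={remote_id!r} peer sent {name}={value!r} -> "
              f"{'match' if ok else 'MISMATCH'}")
```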

ScottPR

In SonicWalls, there's an identifying string internal to the SonicWall firewall that's used in site-to-site VPNs. In the VPN Settings, it would be "Unique Firewall Identifier".
