Meraki

Community

Non Meraki site to Site VPN with Oracle Cloud

Solved
BrandonMcGrew
Here to help
‎Jul 31 2020 9:02 AM
‎Jul 31 2020 9:02 AM

Non Meraki site to Site VPN with Oracle Cloud

Has anyone attempted to create a site to site VPN with the Oracle cloud. We need to set this up however some of the documentation I'm finding is not pointing me in the right direction. 

 

Setup : 9 sites. All using MX appliances in routed mode(they are edge device as well) with 2 ISPs in load balance. Site to site Mesh all sites using AutoVPN. 

 

Requirement : Create an IPSec Tunnel to Oracle VCN. All sites need access to the resources on the other side of the tunnel.

 

Issues / Questions : 

1. Site to sites scope : If all networks are set for the scope will each unique MX try to establish a IPSec tunnel to the endpoint from each public IP resulting in 18 unique IP Sec tunnels

2. Routing : From the documentation I read if you don't have subnets "advertised to VPN" the tunnel will not come online and that the subnets on each side have to match. The oracle side would be using the summary route for the network however ourside would not be advertising the full summary route because I can't add that to any one site.

 

Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 1 2020 4:13 PM
‎Aug 1 2020 4:13 PM

>Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

Yes.  It will also need to be in a different Meraki Dashboard network.

View solution in original post

0 Kudos
4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 1 2020 4:13 PM
‎Aug 1 2020 4:13 PM

>Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

Yes.  It will also need to be in a different Meraki Dashboard network.

0 Kudos
In response to PhilipDAth
BrandonMcGrew
Here to help
‎Aug 3 2020 4:55 AM
‎Aug 3 2020 4:55 AM

I suspected as such. On the new network, the appliance will not participate in autovpn but that will not prevent it from being able to use non-Meraki Site to Site VPN correct?

0 Kudos
In response to BrandonMcGrew
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 3 2020 6:49 AM
‎Aug 3 2020 6:49 AM

Correct.  You just use static routing between the two MX appliances at the same physical location.

0 Kudos
SamW
Comes here often
‎May 16 2022 2:50 PM
‎May 16 2022 2:50 PM

Hi, reviving this thread as I need to set up a site-to-site VPN from my Meraki MX250 with a business partner using Oracle Cloud.  I'm looking for assistance with the Meraki IPSec settings to make this work?  Oracle lists them below, but I'm thinking someone has some real-world experience or advice?  Thanks in advance!

 

https://docs.oracle.com/en-us/iaas/Content/Network/Reference/supportedIPsecparams.htm#Supported_IPSe...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.