Non Meraki site to Site VPN with Oracle Cloud

SOLVED
BrandonMcGrew
Conversationalist

Has anyone attempted to create a site-to-site VPN with the Oracle cloud? We need to set this up; however, some of the documentation I'm finding is not pointing me in the right direction.

 

Setup: 9 sites. All using MX appliances in routed mode (they are edge devices as well) with 2 ISPs in load balance. Site-to-site mesh between all sites using AutoVPN.

 

Requirement: Create an IPsec tunnel to Oracle VCN. All sites need access to the resources on the other side of the tunnel.

 

Issues / Questions:

1. Site-to-site scope: If all networks are set for the scope, will each unique MX try to establish an IPsec tunnel to the endpoint from each public IP, resulting in 18 unique IPsec tunnels?

2. Routing: From the documentation I read, if you don't have subnets "advertised to VPN" the tunnel will not come online, and the subnets on each side have to match. The Oracle side would be using the summary route for the network; however, our side would not be advertising the full summary route because I can't add that to any one site.

 

Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

1 ACCEPTED SOLUTION

Accepted Solutions
PhilipDAth
Kind of a big deal

Re: Non Meraki site to Site VPN with Oracle Cloud

>Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

Yes.  It will also need to be in a different Meraki Dashboard network.

BrandonMcGrew
Conversationalist

Re: Non Meraki site to Site VPN with Oracle Cloud

I suspected as such. On the new network, the appliance will not participate in AutoVPN, but that will not prevent it from being able to use non-Meraki site-to-site VPN, correct?

PhilipDAth
Kind of a big deal

Re: Non Meraki site to Site VPN with Oracle Cloud

Correct.  You just use static routing between the two MX appliances at the same physical location.
