Non Meraki site to Site VPN with Oracle Cloud

Solved
BrandonMcGrew
Here to help

Non Meraki site to Site VPN with Oracle Cloud

Has anyone attempted to create a site to site VPN with the Oracle cloud. We need to set this up however some of the documentation I'm finding is not pointing me in the right direction. 

 

Setup : 9 sites. All using MX appliances in routed mode(they are edge device as well) with 2 ISPs in load balance. Site to site Mesh all sites using AutoVPN. 

 

Requirement : Create an IPSec Tunnel to Oracle VCN. All sites need access to the resources on the other side of the tunnel.

 

Issues / Questions : 

1. Site to sites scope : If all networks are set for the scope will each unique MX try to establish a IPSec tunnel to the endpoint from each public IP resulting in 18 unique IP Sec tunnels

2. Routing : From the documentation I read if you don't have subnets "advertised to VPN" the tunnel will not come online and that the subnets on each side have to match. The oracle side would be using the summary route for the network however ourside would not be advertising the full summary route because I can't add that to any one site.

 

Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

>Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

Yes.  It will also need to be in a different Meraki Dashboard network.

View solution in original post

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

>Is this best accomplished with a concentrator (IE another Meraki MX behind my current pair)?

 

Yes.  It will also need to be in a different Meraki Dashboard network.

BrandonMcGrew
Here to help

I suspected as such. On the new network, the appliance will not participate in autovpn but that will not prevent it from being able to use non-Meraki Site to Site VPN correct?

PhilipDAth
Kind of a big deal
Kind of a big deal

Correct.  You just use static routing between the two MX appliances at the same physical location.

SamW
Comes here often

Hi, reviving this thread as I need to set up a site-to-site VPN from my Meraki MX250 with a business partner using Oracle Cloud.  I'm looking for assistance with the Meraki IPSec settings to make this work?  Oracle lists them below, but I'm thinking someone has some real-world experience or advice?  Thanks in advance!

 

https://docs.oracle.com/en-us/iaas/Content/Network/Reference/supportedIPsecparams.htm#Supported_IPSe...

Get notified when there are additional replies to this discussion.