Meraki

Community

Organization-wide settings for multiple Meraki MX devices L2L VPN to FTD Headend

DylanEbner
Conversationalist
‎Oct 3 2023 10:28 AM
‎Oct 3 2023 10:28 AM

Organization-wide settings for multiple Meraki MX devices L2L VPN to FTD Headend

We are testing the Meraki MX68s to replace our aging remote ASA FWs and ISR2 routers. We have about 2 dozen remote sites that current have a L2L VPN  to a FTD pair at our DC.

 

How do people configure the Organization-wide settings on the Meraki Dashboard? Do you configure one non-meraki peer and then on the FTDs make sure every remote vpn is using the same crypto policy (including PSK)? Or do you tag the networks for each meraki and make one non-meraki vpn peer per site?

 

 Thanks!

0 Kudos
1 Reply 1
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 4 2023 1:17 AM
‎Oct 4 2023 1:17 AM

With 20+ sites I would always put an additional MX-Pair as a concentrator into the DC and use AutoVPN. It will make everything so much easier.

Otherwise, I would go with the "one peer" approach. Although using wildcard PSK is not a best practice, the main problem with them is the logistics problem when the PSK is compromized. But this is not the case with the cloud based config where the PSK can be easily changed for many devices simultaneously.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.