Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Organization-wide settings for multiple Meraki MX devices L2L VPN to FTD Headend

DylanEbner
Conversationalist
‎Oct 3 2023 10:28 AM
‎Oct 3 2023 10:28 AM

Organization-wide settings for multiple Meraki MX devices L2L VPN to FTD Headend

We are testing the Meraki MX68s to replace our aging remote ASA FWs and ISR2 routers. We have about 2 dozen remote sites that current have a L2L VPN  to a FTD pair at our DC.

 

How do people configure the Organization-wide settings on the Meraki Dashboard? Do you configure one non-meraki peer and then on the FTDs make sure every remote vpn is using the same crypto policy (including PSK)? Or do you tag the networks for each meraki and make one non-meraki vpn peer per site?

 

 Thanks!

0 Kudos
Subscribe
1 Reply 1
KarstenI
Kind of a big deal
Kind of a big deal
‎Oct 4 2023 1:17 AM
‎Oct 4 2023 1:17 AM

With 20+ sites I would always put an additional MX-Pair as a concentrator into the DC and use AutoVPN. It will make everything so much easier.

Otherwise, I would go with the "one peer" approach. Although using wildcard PSK is not a best practice, the main problem with them is the logistics problem when the PSK is compromized. But this is not the case with the cloud based config where the PSK can be easily changed for many devices simultaneously.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.