Meraki

FabrizioF · ‎Sep 15 2021

Hi, someone has tried to connect with VPN SITE TO SITE between a MX and Fritz Box 7530?
thanks in advance

Fabrizio

ebrger · ‎Nov 11 2021

could you solve the problem or have you managed it? I also currently fail at this problem.
Maybe you can help.

FabrizioF · ‎Nov 11 2021

Unfortunately not
If I have news I'll update you

Grzegorz · ‎Jan 27 2022

Config on FritzBox side:

vpncfg {
        connections {
                enabled = yes;
                conn_type = conntype_lan;
                name = "VPN Name";
                always_renew = yes;
                reject_not_encrypted = no;
                dont_filter_netbios = yes;
                localip = 0.0.0.0;
                local_virtualip = 0.0.0.0;
                remoteip = 0.0.0.0;
                remote_virtualip = 0.0.0.0;
                remotehostname = "dyndns or ip";
                keepalive_ip = 192.168.1.1 local ip of MX;
                localid {
                        fqdn = "dyndns or ip FritzBox";
                }
                remoteid {
                        fqdn = "dyndns or ip MX";
                }
                mode = phase1_mode_idp;
                phase1ss = "all/all/all";
                keytype = connkeytype_pre_shared;
                key = "here put pre shared key";
                cert_do_server_auth = no;
                use_nat_t = yes;
                use_xauth = no;
                use_cfgmode = no;
                phase2localid {
                        ipnet {
                                ipaddr = 192.168.5.0 Private subnets of FritzBox;
                                mask = 255.255.255.0;
                        }
                }
                phase2remoteid {
                         ipnet {
                                ipaddr = 192.168.1.0 Private subnets of MX;
                                mask = 255.255.255.0;
                        }
                }
                phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
                accesslist = "permit ip any 192.168.1.0 255.255.255.0";
        }
        ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500", 
                            "udp 0.0.0.0:4500 0.0.0.0:4500";
}

Config on MX Side:

Public IP: Public Ip of FritzBox

RemoteID: DNS address of the Fritzbox
Private Subnet: Ip/Subnet of the Fritzbox

PSK: PSK which must be the same of both side

ICMP ping on MX must be set to Any in Firewall section

IPsec policies:

ebrger · ‎Jan 27 2022

Thank you, i will try it. Can you post an example, info of the other setting of Meraki? I'm afraid that I'm mixing something up. What values do you enter where exactly? Thanks a lot

Grzegorz · ‎Jan 27 2022

ebrger · ‎Jan 27 2022

i still don't quite understand what values are what, am i understanding correctly?:
Meraki
Name: Connection Name, won't matter
Public IP: IP of Meraki-MX
RemoteID: DNS address of the Fritzbox
Private Subnet: Ip/Subnet of the Fritzbox
PSK: PSK which must be the same

Fritzbox
localid {fqdn = "dyndns or ip";}: DNS address of the Fritzbox
remoteid {fqdn = "dyndns or ip";: Public IP of the MX
phase2localid: IP network of the Fritzbox
phase2remoteid: IP network of the MX

I ask because I can't see it clearly from your screenshots

Grzegorz · ‎Jan 27 2022

MX:

Public IP: Public Ip of FritzBox

RemoteID: DNS address of the Fritzbox
Private Subnet: Ip/Subnet of the Fritzbox

PSK: PSK which must be the same of both side

FRITZ
localid {fqdn = "dyndns or ip";}: DNS address of the Fritzbox
remoteid {fqdn = "dyndns or ip";: Public IP of the MX
phase2localid: IP network of the Fritzbox
phase2remoteid: IP network of the MX

Grzegorz · ‎Jan 27 2022

ICMP ping on MX must be set to Any in Firewall section

Meraki

Community

SITE-TO-SITE VPN between MX and FritzBox 7530

SITE-TO-SITE VPN between MX and FritzBox 7530