Setting up Site-to-Site VPNs with non-meraki peers using DHCP on WAN

nadalfan1984
Here to help

Hi guys,

My company has a campus-style network with fiber run to multiple buildings. All internet-bound traffic leaves through an MX250 on the network edge. We also have some small branch offices that connect via site-to-site VPN to the same MX250 for remote connectivity. We are replacing the MX250 (which is currently the VPN hub) with a Palo Alto 3220 FW. I intended to set up a standard IPsec tunnel between the PA and the branch office MX64s, but then realized we ditched all our static IP addresses on the cable modems at the branch offices a few years ago, since we could use Auto VPN at the time.

I've read there are several ways to accomplish this using DDNS, but after calling Meraki tech support I was told this wouldn't reliably work and that my only two real options were to purchase static IPs at all the branch offices again or leave the Meraki in as simply a VPN concentrator (which I don't plan to do). Has anyone attempted to do something similar? I want to know if the tech was correct or if indeed this can be done. FWs have had this capability for years, so I don't see why this couldn't be accomplished? Thanks in advance!!

TerryVasquez
Getting noticed

Hi @nadalfan1984,

As far as I know, a dynamic public IP can be used if both firewalls are Meraki, since they are using the SD-WAN technology feature called Auto VPN.

If one of the firewalls is a non-Meraki device, I typically require that the non-Meraki device has the static IP and supports DMVPN (Dynamic Multipoint VPN). The Meraki MX can have either a dynamic or a static IP. It is also suggested that the main branch should have a static IP, and the branch can be dynamic.

Cheers!

Terry

Terry VASQUEZ Jr.