Sit to Site VPN Issues

DominiqueB
Comes here often

Sit to Site VPN Issues

Currently our security appliance(MX250) is setting behind our current firewall (Cisco ASA 5520). We want to establish a site to site vpn connection to another office using that has another security appliance installed(MX84). My question is do you have to change anything on the CISCO ASA 5520 so that I can setup a hub and spoke site to site vpn between the MX250 and the MX84? Currently we can't get any traffic back in forth between the two using the site to site vpn on the Meraki dashboard.

 

3 Replies 3
ww
Kind of a big deal
Kind of a big deal

is the vpn up? if not, use the log from cisco  asa to track your ip/session

JasonCampbell
Getting noticed

I believe you would need to switch Site-to-Site mode to Unfriendly NAT, pick a port to open on the ASA, push all traffic from that port to the main MX, and map it to the other MX.

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_A...

PhilipDAth
Kind of a big deal
Kind of a big deal

On the whole, it is likely to "just" work.  AutoVPN is very good at punching through UDP ports.  Only if it doesn't work automatically would I do the NAT unfriendly option.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels