Meraki

Community

Sit to Site VPN Issues

DominiqueB
Comes here often
‎Jul 6 2018 7:48 AM
‎Jul 6 2018 7:48 AM

Sit to Site VPN Issues

Currently our security appliance(MX250) is setting behind our current firewall (Cisco ASA 5520). We want to establish a site to site vpn connection to another office using that has another security appliance installed(MX84). My question is do you have to change anything on the CISCO ASA 5520 so that I can setup a hub and spoke site to site vpn between the MX250 and the MX84? Currently we can't get any traffic back in forth between the two using the site to site vpn on the Meraki dashboard.

 

0 Kudos
3 Replies 3
ww
Kind of a big deal
Kind of a big deal
‎Jul 6 2018 9:58 AM
‎Jul 6 2018 9:58 AM

is the vpn up? if not, use the log from cisco  asa to track your ip/session

0 Kudos
JasonCampbell
Getting noticed
‎Jul 6 2018 10:59 AM
‎Jul 6 2018 10:59 AM

I believe you would need to switch Site-to-Site mode to Unfriendly NAT, pick a port to open on the ASA, push all traffic from that port to the main MX, and map it to the other MX.

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_A...

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 6 2018 12:09 PM
‎Jul 6 2018 12:09 PM

On the whole, it is likely to "just" work.  AutoVPN is very good at punching through UDP ports.  Only if it doesn't work automatically would I do the NAT unfriendly option.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.