Site to Site Meraki VPN with non Meraki Appliance

LuisCovarrubias
Here to help

Hello everyone,

 

I'm 

 

Let me explain: I'm working on a PoC (Proof of Concept) to configure an IPsec VPN tunnel between a Meraki MX65 at one site and a Checkpoint 600 in a branch office, and I lack some knowledge of VPN security topics.

Here's the thing: the Meraki MX65 has a link provided by an ISP, and the IP address on the Internet 2 interface never changes (I configured it manually on that interface). On the other hand, the Checkpoint 600 is behind an Internet modem. Phase 1 and Phase 2 of the tunnel are OK, the NAT is working OK, and the PCs in the subnets announced in the VPN can communicate with each other.

But from the Meraki MX, in the VPN config, I'm pointing to the Internet modem's public IP address. This is not the right thing to do, because this IP address can change anytime the ISP (Telmex) wants, even without notifying me, obviously because that's not a dedicated link to the branch.

Reading some Meraki MX documentation, I realized that the MXs use their hostname to make an easy automatic VPN between appliances with "non-provisioning or config required".

My question is: is there a way to create a tunnel using DDNS or a hostname to point to the Checkpoint 600 instead of using an IP address?

Or how can I solve this? Would another MX appliance be necessary?

I'm sharing with all of you a network diagram of the PoC:

Meraki MX.png

 

If you can help me, I'll really appreciate your help.

 

Regards

3 Replies
PhilipDAth
Kind of a big deal

If the remote end has a dynamic IP address then you won't get it to work. Both ends need a static IP address.
Ben
A model citizen

Both ends need a static IP, as @PhilipDAth said, or buy another MX device.

If the remote branch is not that big perhaps consider buying a Z3 if the budget does not allow an MX?

 

PhilipDAth
Kind of a big deal

Replace the Checkpoint with an MX if you want it to work.