Meraki Community

mumer1 · ‎Jun 22 2023

Dear Guys.

I want to configure site to site vpn between Cisco Meraki MX95 and Paloalto.

As Paloalto is placed in the Head office and Meraki Mx95 is in the branch office.

Instead of Public or Live IP, i need to use Hostname. I created DYNDNS hostnames on https://account.dyn.com/.

Shall the Mx95 be Hub or Spoke?

What IKE version I shall use?

What will be the Public IP/Hostname?

What will be Local & Remote ID?

Guide me the parameters (Encryption, Hashing) etc. so that it would be easy for me to establish the tunnel.

Madhan_kumar_G · ‎Jun 22 2023

Hi,

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings

Followup the link for the below topics,

Non-Meraki VPN peers
Non-Meraki VPN Peering with FQDN

PhilipDAth · ‎Jun 22 2023

If there is no other AutoVPN configuration, the MX will have to be a hub. You can only select a spoke when another Meraki hub is already in the organisation.

I would try and use IKEv2.

The ID is usually the static public IP address that each party will be known by. Having dynamic IP addresses will substantially complicate the configuration. You may not get it working at all.

mumer1 · ‎Jul 4 2023

Dear Member.

I had configured the VPN and the status is UP, but the issue that is being faced is i am unable to ping remote networks.

Secondly it is showing (This security appliance is behind a VPN-friendly NAT).

Kindly guide me on these.

Meraki Community

Site-to-Site VPN MX95 using DDNS or FQDN

Site-to-Site VPN MX95 using DDNS or FQDN

Non-Meraki VPN peers
Non-Meraki VPN Peering with FQDN

Site-to-Site VPN MX95 using DDNS or FQDN

Site-to-Site VPN MX95 using DDNS or FQDN

Non-Meraki VPN peersNon-Meraki VPN Peering with FQDN

Non-Meraki VPN peers
Non-Meraki VPN Peering with FQDN