Site to Site VPN

ArshadSafrulla
Here to help

Site to Site VPN

Hi Experts,

 

I have 2 links in my MX Firewall, while the primary link is a Internet Conenction which is used only for Management, second link is a private MPLS link from Service provider which is providing connectivity our other sites. I hav requirement where one of my devices in one of my remote site needs to establish an IPSEC tunnel with my MX over the Private IP. In this case what would be my Meraki peer IP, and how can I achieve this design?

 

Also I have a requirement where my Wireless Concentrate MX is sitting in my DC which is having single uplink, in case of wireless SSID traffic flow, does it go to Internet and then come back to MX over it's public IP? 

4 REPLIES 4
PhilipDAth
Kind of a big deal
Kind of a big deal

If the MPLS network plugs into a WAN/Internet port on the MX then it will be the IP address on that port.

 

If it is a VLAN interface then this probably wont work.  You could trying giving the WAN IP on the MX you use for management, but I'm thinking this probably wont work.  If that doesn't work, then this is not a workable solution.

DensyoV
Meraki Employee
Meraki Employee

Hi,

The MX can only support IPsec on whatever is the active primary uplink so if you want to use the MPLS link then it is not supported.

For wireless concentrator, the concept is the same as auto-VPN. You can refer to the KB below regarding the traffic flow.

https://documentation.meraki.com/MR/Client_Addressing_and_Bridging/MR_Teleworker_VPN

The traffic actual VPN data flow depends on your infra, the sites are connected via MPLS then it routes the traffic through it. However, the VPN establishment and management rely Dashboard connectivity.

hope this helps.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
ArshadSafrulla
Here to help

Hi Guys,

 

I am trying to understand below section cropped from the SSID tunneling page from Meraki Page.

Could you please guide me where I have to add the Meraki MX as my Radius Authenticator. I am really confused with this documentation

Capture.JPG

I don't think there is anything to configure.  The RADIUS requests will just get sent from the MX to your RADIUS server (instead of from the APs).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels