
Site-to-Site based on FQDN

SOLVED
Conversationalist

Site-to-Site based on FQDN

Hello All,

 

I have several Organizations that have MX appliances and I would like to create a site-to-site VPN between them. Most of the remote branches have dynamic IPs, and the problem is that I can't find a way in the settings for "FQDN" connectivity or dynamic tunnel creation if the shared secret from the remote end is correct, like in the ASAs.

 

Is there an optimal solution for that?

 

 

Thank you,

Matt

1 ACCEPTED SOLUTION

Accepted Solutions
Head in the Cloud

Re: Site-to-Site based on FQDN

Organization or networks?

Networks will work by Auto-VPN.

If you really want to have an IPSec Tunnel between different organizations, I don't think this will work without static IPs, as you will have to use "Third Party" VPN Settings.

5 REPLIES 5
Conversationalist

Re: Site-to-Site based on FQDN

Organizations. That's what I was afraid of, thank you. I hope there will be a solution for that in the future.

Head in the Cloud

Re: Site-to-Site based on FQDN

In my experience, you can create a VPN to MX devices across different organizations and use a Dynamic IP; you will just have to update it when the VPN goes down, which you could set up alerts on and even update via a script.

Head in the Cloud

Re: Site-to-Site based on FQDN

Would mean you have to do it daily... seems to be very annoying 😉

 

Scripting could be a chance though, you'll need to get the Public IP with this

 

HTTP REQUEST

GET /organizations/[organizationId]/deviceStatuses

PARAMETERS

None

SAMPLE REQUEST

curl -L -H 'X-Cisco-Meraki-API-Key: <key>' -X GET -H 'Content-Type: application/json' 'https://api.meraki.com/api/v0/organizations/[organizationId]/deviceStatuses'

SAMPLE RESPONSE

Successful HTTP Status: 200
[
  {
    "name":"My AP",
    "serial":"Q2XX-XXXX-XXXX",
    "mac":"00:11:22:33:44:55:66",
    "status":"online",
    "lanIp":"1.2.3.4",
    "publicIp":"4.3.2.1",
    "networkId":"N_1234"
  }
]

 

And would need to set the VPN Parameters as well...

 

If you are able to script things like this... or if it's even possible... (?) Not aware of scripting
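An added sketch of the detection half of such a script (not part of the original post and not Meraki's code): it takes a response shaped like the deviceStatuses sample above and works out which peer addresses have changed, without pushing any configuration. The sample data, the CONFIGURED mapping and the function names are constructed for illustration; skipping offline devices and non-routable addresses is an assumption about what should never be written into a peer entry.

```python
import ipaddress
import json

# Constructed sample, shaped like the deviceStatuses response quoted above.
STATUSES = json.loads("""[
  {"name":"Branch A MX","serial":"Q2XX-AAAA-AAAA","status":"online","publicIp":"4.3.2.9"},
  {"name":"Branch B MX","serial":"Q2XX-BBBB-BBBB","status":"online","publicIp":"4.3.2.2"},
  {"name":"Branch C MX","serial":"Q2XX-CCCC-CCCC","status":"offline","publicIp":"4.3.2.7"},
  {"name":"Branch D MX","serial":"Q2XX-DDDD-DDDD","status":"online","publicIp":"10.0.0.5"}
]""")

# Hypothetical local record: MX serial -> peer address currently configured
# on the other organization's third-party VPN settings.
CONFIGURED = {
    "Q2XX-AAAA-AAAA": "4.3.2.1",
    "Q2XX-BBBB-BBBB": "4.3.2.2",
    "Q2XX-CCCC-CCCC": "4.3.2.3",
    "Q2XX-DDDD-DDDD": "4.3.2.4",
}

def usable_public_ip(value):
    """Return the address as a string if it is a routable IPv4 address, else None."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    return str(ip) if ip.version == 4 and ip.is_global else None

def plan_peer_updates(statuses, configured):
    """Compare reported public IPs with configured peers; return (updates, skipped)."""
    updates, skipped = [], []
    for dev in statuses:
        serial = dev.get("serial")
        if serial not in configured:
            continue  # not a device we peer with
        if dev.get("status") != "online":
            skipped.append((serial, "not online"))  # reported IP may be stale
            continue
        ip = usable_public_ip(dev.get("publicIp", ""))
        if ip is None:
            skipped.append((serial, "publicIp not routable"))
        elif ip != configured[serial]:
            updates.append({"serial": serial, "old": configured[serial], "new": ip})
    return updates, skipped

if __name__ == "__main__":
    changes, ignored = plan_peer_updates(STATUSES, CONFIGURED)
    print("update:", changes)
    print("skipped:", ignored)
```

Logging the skipped entries gives the alerting hook mentioned earlier in the thread: a device that stays offline or reports a private address needs a person to look at it, not an automatic peer change.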

Head in the Cloud

Re: Site-to-Site based on FQDN

In my experience with Dynamic Public IP from the ISP, they don't change all that often. Usually only on a reboot, and even then the IP does not always change. Is your provider changing the IP regularly? Is static not an option?
