Meraki

Community

Site-to-Site based on FQDN

Solved
tmate
Conversationalist
‎May 22 2019 12:09 AM
‎May 22 2019 12:09 AM

Site-to-Site based on FQDN

Hello All,

 

I have several Organizations that have MX appliances and I would like to create a site-to-site VPN between them. Most of the remote branches have dynamic IP and the problem is that I can't find a way at the settings for "FQDN" connectivity nor dynamic tunnel creation if the shared secret from the remote end is correct" - like in the ASAs. 

 

Is there an optimal solution for that?

 

 

Thank you,

Matt

0 Kudos
1 Accepted Solution
MarcP
Kind of a big deal
‎May 22 2019 5:09 AM
‎May 22 2019 5:09 AM

Organization or networks ?

 

Networks will work by Auto-VPN.

If you really want to have an IPSec Tunnel between different organizations, I don´t think this will work, without static IPs, as you will have to use "Third Party" VPN Settings.

View solution in original post

5 Replies 5
MarcP
Kind of a big deal
‎May 22 2019 5:09 AM
‎May 22 2019 5:09 AM

Organization or networks ?

 

Networks will work by Auto-VPN.

If you really want to have an IPSec Tunnel between different organizations, I don´t think this will work, without static IPs, as you will have to use "Third Party" VPN Settings.

In response to MarcP
tmate
Conversationalist
‎May 22 2019 5:11 AM
‎May 22 2019 5:11 AM

Organizations. That's what I was afraid about, thank you. I hope there will be a solution for that in the future.

0 Kudos
In response to tmate
SoCalRacer
Kind of a big deal
‎May 22 2019 8:35 AM
‎May 22 2019 8:35 AM

As far as my experience you can create a VPN to MX devices across different organizations and use a Dynamic IP, you will just have to update it when the VPN goes down, which you could setup alerts on and even update via a script.

0 Kudos
In response to SoCalRacer
MarcP
Kind of a big deal
‎May 22 2019 11:35 PM
‎May 22 2019 11:35 PM

would mean you have to do it daily... seems to be very anoying 😉

 

scripting could be a chance though, you´ll need to get the Public IP with this

 

HTTP REQUEST

GET /organizations/[organizationId]/deviceStatuses

PARAMETERS

None

SAMPLE REQUEST

curl -L -H 'X-Cisco-Meraki-API-Key: <key>' -X GET -H 'Content-Type: application/json' 'https://api.meraki.com/api/v0/organizations/[organizationId]/deviceStatuses'

SAMPLE RESPONSE

Successful HTTP Status: 200
[
  {
    "name":"My AP",
    "serial":"Q2XX-XXXX-XXXX",
    "mac":"00:11:22:33:44:55:66",
    "status":"online",
    "lanIp:"1.2.3.4",
    "publicIp":"4.3.2.1",
    "networkId":"N_1234"
   

 

And would need to set the VPN Parameters as well...

 

If you are able to script things like this... or If its even possible... (?) Not aware of scripting

0 Kudos
In response to MarcP
SoCalRacer
Kind of a big deal
‎May 23 2019 8:10 AM
‎May 23 2019 8:10 AM

In my experience with Dynamic Public IP from the ISP they don't change all the often. Usually only on a reboot and even then not always does the IP change. Is your provider changing the IP regularly? Is static not an option?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.