Site-to-Site based on FQDN

Solved
tmate
Conversationalist

Hello All,

 

I have several organizations that have MX appliances and I would like to create a site-to-site VPN between them. Most of the remote branches have dynamic IPs, and the problem is that I can't find a way in the settings for "FQDN" connectivity or dynamic tunnel creation if the shared secret from the remote end is correct, like in the ASAs.

 

Is there an optimal solution for that?

 

 

Thank you,

Matt

1 Accepted Solution
MarcP
Kind of a big deal

Organization or networks?

 

Networks will work by Auto-VPN.

If you really want to have an IPSec tunnel between different organizations, I don't think this will work without static IPs, as you will have to use "Third Party" VPN settings.

tmate
Conversationalist

Organizations. That's what I was afraid of, thank you. I hope there will be a solution for that in the future.

SoCalRacer
Kind of a big deal

As far as my experience goes, you can create a VPN to MX devices across different organizations and use a dynamic IP; you will just have to update it when the VPN goes down, which you could set up alerts on and even update via a script.

MarcP
Kind of a big deal

would mean you have to do it daily... seems to be very annoying 😉

 

Scripting could be a chance though; you'll need to get the public IP with this:

 

HTTP REQUEST

GET /organizations/[organizationId]/deviceStatuses

PARAMETERS

None

SAMPLE REQUEST

curl -L -H 'X-Cisco-Meraki-API-Key: <key>' -X GET -H 'Content-Type: application/json' 'https://api.meraki.com/api/v0/organizations/[organizationId]/deviceStatuses'

SAMPLE RESPONSE

Successful HTTP Status: 200
[
  {
    "name":"My AP",
    "serial":"Q2XX-XXXX-XXXX",
    "mac":"00:11:22:33:44:55:66",
    "status":"online",
    "lanIp":"1.2.3.4",
    "publicIp":"4.3.2.1",
    "networkId":"N_1234"
  }
]

 

And would need to set the VPN Parameters as well...

 

If you are able to script things like this... or if it's even possible... (?) Not aware of scripting
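
The script idea discussed above, as an added example (not code from any poster or from Meraki): it reads `publicIp` from the deviceStatuses response, rejects offline, malformed or non-public values, and rewrites only the matching peer entry. The `thirdPartyVPNPeers` path and its list-of-peers body, the environment variable names, and the serial-to-peer map are assumptions not shown in the thread.

```python
import ipaddress, json, os, urllib.request

API = "https://api.meraki.com/api/v0"  # base URL from the sample request in the thread

def call(method, path, api_key, body=None):
    """One Dashboard API call; the key is passed in, never hard-coded."""
    req = urllib.request.Request(
        API + path, method=method,
        data=None if body is None else json.dumps(body).encode(),
        headers={"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def plan_peer_updates(statuses, peers, serial_to_peer):
    """Return (new_peers, changes) from a deviceStatuses response. No network I/O."""
    reported = {}
    for dev in statuses:
        name = serial_to_peer.get(dev.get("serial"))  # match on serial, not display name
        if name is None or dev.get("status") != "online":
            continue  # untracked device, or offline so publicIp may be stale
        try:
            ip = ipaddress.ip_address(dev.get("publicIp") or "")
        except ValueError:
            continue  # malformed address: never push it into a VPN config
        if ip.is_global:  # refuse private, loopback, link-local and reserved ranges
            reported[name] = str(ip)
    new_peers, changes = [], []
    for peer in peers:
        ip = reported.get(peer["name"], peer["publicIp"])
        if ip != peer["publicIp"]:
            changes.append((peer["name"], peer["publicIp"], ip))
        new_peers.append({**peer, "publicIp": ip})  # copy; the input list is not mutated
    return new_peers, changes

def sync(branch_org, hub_org, serial_to_peer):
    branch_key, key = os.environ["BRANCH_API_KEY"], os.environ["HUB_API_KEY"]  # assumed names
    statuses = call("GET", f"/organizations/{branch_org}/deviceStatuses", branch_key)
    # ASSUMPTION: this endpoint and its list-of-peers body are not shown in the
    # thread; confirm both against the API documentation before use.
    path = f"/organizations/{hub_org}/thirdPartyVPNPeers"
    new_peers, changes = plan_peer_updates(statuses, call("GET", path, key), serial_to_peer)
    if changes:
        call("PUT", path, key, new_peers)
    return changes  # names and addresses only; the peer list holds secrets, don't log it

# Constructed sample data: serial -> peer name, a statuses response, the current peers.
SAMPLE_MAP = {"Q2XX-XXXX-XXXX": "branch-a", "Q2YY-YYYY-YYYY": "branch-b"}
SAMPLE_STATUSES = [{"serial": "Q2XX-XXXX-XXXX", "status": "online", "publicIp": "4.3.2.1"},
                   {"serial": "Q2YY-YYYY-YYYY", "status": "online", "publicIp": "192.168.1.5"}]
SAMPLE_PEERS = [{"name": n, "publicIp": "4.3.2.9", "secret": "placeholder"} for n in SAMPLE_MAP.values()]
```

Run `sync()` from a scheduler or from the VPN-down alert; because it returns only `(name, old_ip, new_ip)` tuples, its result can be logged without exposing pre-shared keys.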

SoCalRacer
Kind of a big deal

In my experience with dynamic public IPs from the ISP, they don't change all that often. Usually only on a reboot, and even then the IP doesn't always change. Is your provider changing the IP regularly? Is static not an option?
