Two different Organisations with two MX

SOLVED
Holli69
Getting noticed

Two different Organisations with two MX

Hi,

 

we have 2 Organisations, one with MX100, the other one with MX450. We want to build a VPN tunnel between the 2 Orgas. 

 

As I know, AutoVPN isn't working, only configuration like a non-Meraki VPN.

 

Has anyone experience with this configuration ?

 

1) How stable is the VPN tunnel ? 

2) Is this config possible with IKEv2 instead of IKEv1, transfering 3 Subnets within the tunnel ?

 

We like to go with IKEv2 if this is possible ?

 

1 ACCEPTED SOLUTION
CptnCrnch
Kind of a big deal

1) Stable enough for production use. Guess this will be the most accurate answer you'll get.

2) Yeah, IKEv2 is completely supported since 15.2.

 

Please take a look at the note mentioned on Site-to-Site VPN Settings - Cisco Meraki:

"When configuring NMVPN connections between 2 MXs in different organizations that are running MX15 code and above that are not using a UserFQDN and are NATed behind an upstream device, please ensure that the remote ID field of the NMVPN peer is filled out with the private IP address of the remote NATed MX."

View solution in original post

2 REPLIES 2
CptnCrnch
Kind of a big deal

1) Stable enough for production use. Guess this will be the most accurate answer you'll get.

2) Yeah, IKEv2 is completely supported since 15.2.

 

Please take a look at the note mentioned on Site-to-Site VPN Settings - Cisco Meraki:

"When configuring NMVPN connections between 2 MXs in different organizations that are running MX15 code and above that are not using a UserFQDN and are NATed behind an upstream device, please ensure that the remote ID field of the NMVPN peer is filled out with the private IP address of the remote NATed MX."

@CptnCrnch 

Many thanks for your reply. Is Site-to-Site VPN with IKEv2 possible with more than 1 Subnet (e.g. 3-4 Subnets)

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels