VPN/IPSec Compatibility Meraki MX250 with Mikrotik RB450


Hi,

 

Does anybody know or have experience with VPN/IPsec integration between a Meraki MX250 and a Mikrotik RB450? I have 2 Meraki MX250 units in the DC and would like to connect them with a Mikrotik RB450 in a branch through VPN/IPsec. I am worried about whether this is possible.

 

Every response would be much appreciated :)

 

Thank you.

Accepted Solutions

Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Hi,

Meraki by default uses L2TP with IPsec encryption for Meraki-to-Meraki VPNs, which benefit from the device trust inbuilt from the back-end connection to the Meraki cloud. However, VPN connections to non-Meraki peers utilize IPsec with IKEv1.

The default IPsec profile settings of the Mikrotik routers will often fail in phase 1 with a "phase1 negotiation failed due to time out".

I have found that these settings need to be customized as below to get the VPN connected:

 

/ip ipsec profile
set [ find default=yes ] lifetime=8h
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc lifetime=8h pfs-group=none

 

Hope this helps all who have to integrate not only Mikrotik routers but other routers as well. If you need any further help just let me know. Cheers

 

WD
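
An added example, not part of the original post and not Mikrotik or Meraki tooling: a small Python check that reads RouterOS configuration text in the form shown above and reports where the default profile and proposal differ from the values in the accepted answer. The function names and the sample text are constructed for illustration; it assumes the `set [ find default=yes ]` line layout used in the post.

```python
import re

EXPECTED = {  # values from the accepted answer, keyed by RouterOS menu
    "/ip ipsec profile": {"lifetime": "8h"},
    "/ip ipsec proposal": {"enc-algorithms": "aes-128-cbc",
                           "lifetime": "8h", "pfs-group": "none"},
}
UNITS = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}

def seconds(value):
    """Normalise durations written as 8h, 1d, 30m or 08:00:00 to seconds."""
    if re.fullmatch(r"\d+:\d\d:\d\d", value):
        h, m, s = map(int, value.split(":"))
        return h * 3600 + m * 60 + s
    parts = re.findall(r"(\d+)([wdhms])", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"unrecognised duration: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def default_entries(export_text):
    """Collect key=value pairs from 'set [ find default=yes ]' lines per menu."""
    found, menu = {}, None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif menu and line.startswith("set [ find default=yes ]"):
            pairs = re.findall(r"([\w-]+)=(\S+)", line.split("]", 1)[1])
            found.setdefault(menu, {}).update(pairs)
    return found

def audit(export_text):
    """List settings that differ from the values in the accepted answer."""
    actual, findings = default_entries(export_text), []
    for menu, wanted in EXPECTED.items():
        for key, want in wanted.items():
            have = actual.get(menu, {}).get(key)
            norm = seconds if key == "lifetime" else str
            if have is None:
                findings.append(f"{menu}: {key} not set in export")
            elif norm(have) != norm(want):
                findings.append(f"{menu}: {key}={have}, expected {want}")
    return findings

# Constructed sample: profile already changed, proposal not yet changed.
SAMPLE = """/ip ipsec profile
set [ find default=yes ] lifetime=08:00:00
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc lifetime=30m pfs-group=modp1024
"""
print("\n".join(audit(SAMPLE)) or "matches the accepted answer")
```

A key reported as not set means the pasted text did not carry it, so the router's own default is in effect for that setting.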

Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Hi,

 

Thanks for your answer. I am curious: which non-Meraki devices have you tried to connect through VPN/IPsec?

 

Regards,


Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450


@WD wrote:

Hi,

Meraki by default uses L2TP with IPsec encryption for Meraki-to-Meraki VPNs, which benefit from the device trust inbuilt from the back-end connection to the Meraki cloud. However, VPN connections to non-Meraki peers utilize IPsec with IKEv1.

 


L2TP over IPSec is only being used for Remote Access VPN.


Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Have been successful in connecting Cisco (1841, even older 1721 routers), Sophos XG as well as Mikrotik RB850Gx2 and RB450Gx4. Anything that is not built by Meraki and connected to the Meraki cloud basically.

 

Setting up VPN connectivity on devices that do not permit ipsec profile customization on lower end routers such as the DLink DSR 500 or 1000 has failed a lot for me.

 

WD

Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Hi,

I mean the VPN in this topic is a site-to-site VPN; is it treated the same?

 

Thanks,


Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Hi,

Sorry, I mean the VPN/IPsec in this topic is a site-to-site VPN. Was the VPN/IPsec you configured between the Meraki and non-Meraki devices a site-to-site VPN, or a remote access VPN as in the opinion below?

 

Thanks,


Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

I was referring only to setting up of Site-to-Site VPN.

 

Sorry, I always assumed AutoVPN (used by Meraki for pushing site-to-site VPNs) used L2TP.

WD

Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Thanks, I always assumed AutoVPN (used by Meraki for pushing site-to-site VPNs) used L2TP.

WD

Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Hi,

 

Is the configuration below for the Mikrotik (non-Meraki) side?

 

/ip ipsec profile
set [ find default=yes ] lifetime=8h
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc lifetime=8h pfs-group=none

 

Thanks,

 

 


Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Yes, this is for the Mikrotik side. Meraki only gives you a few options that you need the other side to adhere to.

WD

Re: IPSec Compatibility Meraki MX250 with Mikrotik RB450

Yes, this is for site-to-site VPN.

WD