VPN Providers

StormTrooper
Here to help

VPN Providers

Hi,

 

I have a scenario where I need a specific VLAN to route traffic via a VPN provider (Express VPN for example)

 

Has anyone had a similar scenario and had success with it ?  I'm thinking I need to setup S-2-S VPN (Non-Meraki Peer) and tie down to the required VLAN ?

 

 

 

 

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

Do you have any other VPNs configured at the moment, either AutoVPN or site to site VPN?

StormTrooper
Here to help

Nope, no other VPN's configured at present.  I've tagged the traffic to the specific VLAN and I know I can specify whether to use VPN for that VLAN, which will restict as I want.

 

I've setup previosuly using Merkai peers, which I know is straightforward enough and works like a dream, but never to a provider such as those mentioned.  

MijanurRahman
Getting noticed

It should be simple:
1. Add a local VLAN from 'Addressing & VLANS', you already know how to do it
2. Create a non-Meraki VPN Peer from 'Site to Site VPN'
3. Permit the new VLAN to communicate over the non-Meraki VPN, under 'VPN Settings' on previous page.

HTH.
StormTrooper
Here to help

After researching further I don't think this is  possible to achieve.


All 3rd party VPN providers require a Userid/Password as part of the authentication process, which is not possible via the Meraki VPN option for outgoing connections.

MijanurRahman
Getting noticed

So you are looking for client-to-site/remote access VPN connection using MX. No you can't do it, it supports site-to-site VPN only.

 

You don't need UserID or Username for a site-to-site VPN scenario. Preshared key with encryption methods in phases should suffice.

You can ask your VPN provider to provide required site-to-site VPN parameters, if they allow.

 

I dont see any standard firewall also supports it. Only option left is using DD-WRT, Tomatoe firmware, etc. Cisco ISR can be used as well.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels