Z3C with 3rd party vendors - IPSec VPN

SOLVED
nikmagashi
Getting noticed

Hi,

 

We are in need of a device which will be connected to one of our FortiGates in our datacenter via a VPN tunnel. We are looking for something flexible and easy to deploy, and we have set our sights on the Z3C. Is there any problem with the Z3C when it comes to establishing VPN tunnels with a FortiGate?

 

BR Nik

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

I think you'll be creating a lot of pain for yourself. These usually sit behind home routers, so you'll probably need to set up port forwards on those ISP devices, and then most ISP connections use dynamic IP addresses - so you'll have to cope with that on your Fortigate.

A much simpler solution would be to also get a little MX67 and run it in VPN concentrator mode, and sit it behind your Fortigate. The Z3s can use AutoVPN to automatically build a VPN to that device. On your Fortigate you would then just add static routes via the MX67 for the remote sites.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 


3 REPLIES 3
Ryan_Miles
Meraki Employee

As long as the security policies and included subnets match on either end, it should work. A Google search found a few blogs in which people got it working. Some even included screenshots of both the Meraki and FortiGate configs.
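The matching requirement in the reply above can be checked before the tunnel is brought up. This is an added example, not part of the thread and not vendor code: the function and key names are hypothetical, and the two parameter sets are constructed sample values, not defaults of either product.

```python
"""Compare the IPsec settings of two peers and list what does not match."""
from ipaddress import ip_network

# Proposal fields that both peers must agree on (hypothetical key names).
MUST_MATCH = ("ike_version", "p1_encryption", "p1_hash", "p1_dh_group",
              "p2_encryption", "p2_hash", "p2_pfs_group")


def _nets(cidrs):
    """Normalise a list of CIDR strings to a set of network objects."""
    return {ip_network(c, strict=False) for c in cidrs}


def find_mismatches(a, b):
    """Return human-readable mismatches between peer a and peer b."""
    problems = []
    for key in MUST_MATCH:
        if a.get(key) != b.get(key):
            problems.append(f"{key}: {a.get(key)!r} != {b.get(key)!r}")
    # Traffic selectors must mirror: a's local subnets are b's remote subnets.
    pairs = (("a.local vs b.remote", a["local_subnets"], b["remote_subnets"]),
             ("a.remote vs b.local", a["remote_subnets"], b["local_subnets"]))
    for name, mine, theirs in pairs:
        one_sided = _nets(mine) ^ _nets(theirs)  # symmetric difference
        for net in sorted(one_sided, key=str):
            problems.append(f"{name}: {net} present on one side only")
    return problems


# Constructed sample settings for the remote-site peer and the datacenter peer.
Z3_SIDE = {"ike_version": 1, "p1_encryption": "aes256", "p1_hash": "sha1",
           "p1_dh_group": 14, "p2_encryption": "aes256", "p2_hash": "sha1",
           "p2_pfs_group": None,
           "local_subnets": ["192.168.128.0/24"],
           "remote_subnets": ["10.0.0.0/16"]}
FGT_SIDE = dict(Z3_SIDE, p1_dh_group=5,            # DH group differs
                local_subnets=["10.0.0.0/16"],
                remote_subnets=["192.168.128.0/25"])  # narrower selector

if __name__ == "__main__":
    for line in find_mismatches(Z3_SIDE, FGT_SIDE):
        print("MISMATCH", line)
```
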

Thanks a lot PhilipDAth, I think a one-arm VPN concentrator is a solution here, as we can standardize this and manage it more easily.
