Meraki

Community

Z3C with 3rd party vendors - IPSec VPN

Solved
nikmagashi
Getting noticed
‎Oct 21 2021 6:42 AM
‎Oct 21 2021 6:42 AM

Z3C with 3rd party vendors - IPSec VPN

Hi,

 

We are in need for a device which will be connected to one of our fortigate in our datacenter via vpn tunnel. We are looking for something flexible and easy to deploy and  we set sight to Z3C. Is there any problem with Z3C when it comes to establishing VPN tunnels with fortigate?

 

BR Nik

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 21 2021 12:15 PM
‎Oct 21 2021 12:15 PM

I think you'll be creating a lot of pain for yourself.  These usually sit behind home routers, so you'll probably need to setup port forwards on those ISP devices, and then most ISP connections use dynamic IP addresses - so you'll have to cope with that on your Fortigate.

 

A much simpler solution would be to also get a little MX67 and run it in VPN concentrator mode, and sit it behind your Foritgate.  The Z3s can use AutoVPN to automatically build a VPN to that device.  On your Foritgate you would then just add static routes via the MX67 for the remote sites.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 

View solution in original post

3 Replies 3
Ryan_Miles
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Oct 21 2021 11:29 AM
‎Oct 21 2021 11:29 AM

as long as the security policies and included subnets match on either end it should work. a google search found a few blogs in which people got it working. some even included screenshots of both the meraki and fortigate configs.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 21 2021 12:15 PM
‎Oct 21 2021 12:15 PM

I think you'll be creating a lot of pain for yourself.  These usually sit behind home routers, so you'll probably need to setup port forwards on those ISP devices, and then most ISP connections use dynamic IP addresses - so you'll have to cope with that on your Fortigate.

 

A much simpler solution would be to also get a little MX67 and run it in VPN concentrator mode, and sit it behind your Foritgate.  The Z3s can use AutoVPN to automatically build a VPN to that device.  On your Foritgate you would then just add static routes via the MX67 for the remote sites.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 

In response to PhilipDAth
nikmagashi
Getting noticed
‎Oct 24 2021 12:23 PM
‎Oct 24 2021 12:23 PM

Thanks a lot PhilipDAth, I think one-arm vpn concentrator is a solution here as we can standardize this and manage it easier. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.