non meraki site to site tunnel meraki mx-84 to CIsco ISR 43xx and 44xx

cocacond
Here to help

non meraki site to site tunnel meraki mx-84 to CIsco ISR 43xx and 44xx

We are looking at dropping MPLS and was wondering if anyone had created tunnels between Meraki MX devices and a cisco ISR device.

4 REPLIES 4
Jwiley78
Building a reputation

We've had a site to site with Meraki and an ASA.  It can be a little flaky at times.  It can work I'm sure and hopefully some of the firmware releases have fixed some of these issues.

 

If you have the availability to go Meraki to Meraki that would be my suggestion.

I dont have the ability at this time.

GIdenJoe
Kind of a big deal

Well, you should get it to work if you don't over complicate things.

You'll need to use IKEv1 for the exchange and only policy based VPNs are supported.
The Meraki side will need to be configured as Hub.
You cannot have traffic going through a non-meraki VPN and then through Auto-VPN.  Each Meraki peer needs a direct non-meraki VPN connection to each remote peer.

Try to use as few traffic selectors as possible.
Rather use a supernet than use individual subnets if you can.
Because there sometimes are issues where a tunnel is basically up but one of the Child-SA's is not and you have to bounce the entire tunnel to get them all back.

SopheakMang
Building a reputation

yes , it working just fine, you can fine the option in the dachboard for peering with non-meraki device,

for the advance algorithm , you need to open support case and tell them to help change the config at the backend in case you can't fine the advance option in dashboard
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels