site to site tunnel with firepower and mx84

Solved
AshC73
Getting noticed


Hi,

I am trying to set up a tunnel between a Firepower and an MX84.

I want to use IKEv2.

Phase 1: AES 256 -- SHA256 -- DH 14 -- 86400

Phase 2: AES256 -- SHA256 -- DH 14 -- 3600

Will the MX84 work with the above?

I have had a quick test but the connection wasn't made.

Thank you in advance.

Ash

1 Accepted Solution
alemabrahao
Kind of a big deal

It should have worked. Did you check the pre-shared secret?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


10 Replies

Try to specify the remote ID.


So would that be the public or private IP of the Firepower?

alemabrahao
Kind of a big deal

Try the public IP.


Yes, the key was correct.

I am going to try again to see if there is anything I missed.

KarstenI
Kind of a big deal

How many networks do you have on each side of the VPN? If more than one, try using IKEv1.

https://documentation.meraki.com/MX/Site-to-site_VPN/IKEv1_and_IKEv2_for_non-Meraki_VPN_Peers_Compar...

GIdenJoe
Kind of a big deal

The bulk of the problems stem from having one or both devices behind a NAT, which makes the IKE remote ID a problem if you cannot customize it or do it incorrectly.

Also make sure you configure a policy-based VPN and not a route-based one, since Meraki does not support the latter yet.
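To work through the failure causes raised in this thread in one place (proposal mismatch, pre-shared key, the IKE remote ID when a peer sits behind NAT, and policy- versus route-based VPN), here is an added Python checker that compares a constructed model of both peers; it is not code from the thread, Meraki or Cisco, and the Peer fields, addresses and key below are assumptions, not values from the posts.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Peer:
    """One side of a site-to-site IPsec VPN (constructed model, not a vendor API)."""
    name: str
    ike_version: int
    phase1: tuple           # (encryption, integrity, DH group, lifetime seconds)
    phase2: tuple           # (encryption, integrity, PFS group, lifetime seconds)
    psk: str
    local_id: str           # identity this side sends in IKE (by default its own address)
    expected_peer_id: str   # identity this side expects the other peer to send
    behind_nat: bool
    vpn_type: str           # "policy" or "route"

PARAMS = ("encryption", "integrity", "DH group", "lifetime")

def diagnose(a: Peer, b: Peer) -> list[str]:
    """Return the likely reasons the tunnel between a and b will not come up (empty if none)."""
    findings = []
    if a.ike_version != b.ike_version:
        findings.append(f"IKE version mismatch: {a.name}=v{a.ike_version}, {b.name}=v{b.ike_version}")
    for phase, pa, pb in (("Phase 1", a.phase1, b.phase1), ("Phase 2", a.phase2, b.phase2)):
        for label, va, vb in zip(PARAMS, pa, pb):
            if va == vb:
                continue
            if label == "lifetime" and a.ike_version == b.ike_version == 2:
                # IKEv2 does not negotiate lifetimes; each side rekeys on its own timer.
                findings.append(f"{phase} lifetime differs ({va}s vs {vb}s): not fatal in IKEv2, but align them")
            else:
                findings.append(f"{phase} {label} mismatch: {a.name}={va}, {b.name}={vb}")
    if a.psk != b.psk:
        findings.append("pre-shared key differs between peers")
    # IKE identity: what one side expects must equal what the other side actually sends.
    for me, peer in ((a, b), (b, a)):
        if me.expected_peer_id != peer.local_id:
            hint = (f"; {peer.name} is behind NAT, so its default ID is its private address: set the"
                    f" remote ID on {me.name} to match, or set {peer.name}'s local ID to its public IP"
                    ) if peer.behind_nat else ""
            findings.append(f"{me.name} expects peer ID {me.expected_peer_id} but {peer.name} sends {peer.local_id}{hint}")
    for p in (a, b):
        if p.vpn_type != "policy":
            findings.append(f"{p.name} is configured as a {p.vpn_type}-based VPN; the MX peer needs policy-based")
    return findings

# Constructed peers using the proposal from the thread: AES-256 / SHA-256 / DH 14, 86400 s and 3600 s.
P1 = ("aes256", "sha256", 14, 86400)
P2 = ("aes256", "sha256", 14, 3600)
FIREPOWER = Peer("firepower", 2, P1, P2, "example-psk", "203.0.113.10", "198.51.100.20", False, "policy")
MX84 = Peer("mx84", 2, P1, P2, "example-psk", "198.51.100.20", "203.0.113.10", False, "policy")

if __name__ == "__main__":
    print(diagnose(FIREPOWER, MX84) or ["no mismatch found"])
```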

Thank you, we are going to try it again next Wednesday as it is a live system.

We currently have a tunnel but use IKEv1 and it is an ASA.

Fingers crossed.

AshC73
Getting noticed

Tunnel is up.

I didn't need to add the remote peer ID.

Settings I posted all worked.

Thank you all for your replies.

So what was the problem ?

Was it just the Pre-shared key ?
