site to site tunnel

Fabrizio
Here to help

site to site tunnel

Screenshot_3.pngGood morning, I have the mx64 model.

we want to make the site to site tunnel

When configuring to use site-to-site VPN, I realized that it does not meet the requirements for the connection. in phase 1 and 2,
For example, they ask me for the key exchange option (dh group) Group 20 but in mine it only reaches 14 and in phase two the same thing and it also asks for Authentication (hash) SHA-512 and it only reaches 256

Would it be necessary to change my model for another? And what other model does have the aforementioned?

9 Replies 9
alemabrahao
Kind of a big deal
Kind of a big deal

This is not a limitation of the MX model it is general to all MX models. Therefore, there is no point in changing the MX.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#IPsec_Policies

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Fabrizio
Here to help

In my case, they ask me for certain requirements for the connection, which my MX 64 model does not meet.

 

Yes, I have that manual.

 

I don't know if all MX models are the same.

alemabrahao
Kind of a big deal
Kind of a big deal

Yes, it is the same for ALL other models.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

In short, you need a firewall that is not Meraki.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Fabrizio
Here to help

Damn, Meraki had a friendly interface. any that you recommend?

alemabrahao
Kind of a big deal
Kind of a big deal

I sent you a private message.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Fabrizio
Here to help

thanks my friend!

PhilipDAth
Kind of a big deal
Kind of a big deal

Ask them to drop back to group 14.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels