Sorry. Everything went well. After updating the firmware I have access to IKE v2 parameters. I had to configure my Azure VPN with powershell : # first get your current connexion on Azure
$connection = Get-AzVirtualNetworkGatewayConnection -Name "Office" -ResourceGroupName "Internal"
# then create an IPSec policy whith the lifetime and DH Group you configured on Meraki
$ipsecpolicy = New-AzIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA1 `
-IkeEncryption AES256 -IkeIntegrity SHA1 -DhGroup DHGroup2 `
-PfsGroup None -SALifeTimeSeconds 3600
# Apply policy to your connection
Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection -IpsecPolicies $ipsecpolicy -UsePolicyBasedTrafficSelectors $True It is now working smoothly for a month and it solved a lot of our problems. The only downside is that you have to use a VpnGw1 subscription on Azure VPN which cost more than base subscription but this is way less than a virtual MX. If you have any other question let me know. Have a nice day PS There is a nice conversation about this : https://community.meraki.com/t5/Security-SD-WAN/IKEv2-support-on-MX-devices/m-p/49088#M12406
... View more
For reference here is the procedure to change the lifetime on Azure as recommended by Meraki support. Connect to azure Powershell and execute the following commands : Get existing connexion : $vpnconnection = Get-AzVirtualNetworkGatewayConnection -Name CONNEXION_NAME-ResourceGroupName RESSOURCE_GROUPE Create IKEv2 Policy (Default for Meraki is AES256 Encryption for both phase and SHA1 Integrity. $ipsecpolicy = New-AzIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA1 ` -IkeEncryption AES256 -IkeIntegrity SHA1 -DhGroup DHGroup2 ` -PfsGroup None -SALifeTimeSeconds 3600 Set policy for connexion Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection6 -IpsecPolicies $ipsecpolicy6 -UsePolicyBasedTrafficSelectors $True Note that once IKEv2 is activated in Meraki you can change the algorithms supported.
... View more