Meraki

Community

About Signix

Re: Feature Request: IKEv2 Support in MX appliances

by in Security & SD-WAN
‎Jun 10 2019 5:58 AM
1 Kudo
‎Jun 10 2019 5:58 AM
1 Kudo
Sorry. Everything went well. After updating the firmware I have access to IKE v2 parameters.   I had to configure my Azure VPN with powershell :     # first get your current connexion on Azure $connection = Get-AzVirtualNetworkGatewayConnection -Name "Office" -ResourceGroupName "Internal" # then create an IPSec policy whith the lifetime and DH Group you configured on Meraki $ipsecpolicy = New-AzIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA1 ` -IkeEncryption AES256 -IkeIntegrity SHA1 -DhGroup DHGroup2 ` -PfsGroup None -SALifeTimeSeconds 3600 # Apply policy to your connection Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection -IpsecPolicies $ipsecpolicy -UsePolicyBasedTrafficSelectors $True     It is now working smoothly for a month and it solved a lot of our problems. The only downside is that you have to use a VpnGw1 subscription on Azure VPN which cost more than base subscription but this is way less than a virtual MX.   If you have any other question let me know. Have a nice day PS There is a nice conversation about this : https://community.meraki.com/t5/Security-SD-WAN/IKEv2-support-on-MX-devices/m-p/49088#M12406 ... View more

Re: IKEv2 support on MX devices

by in Security & SD-WAN
‎May 9 2019 5:41 AM
‎May 9 2019 5:41 AM
You still need to ask Meraki to enable IKEv2. I think that you can then change the configuration using the GUI (not tested) ... View more

Re: IKEv2 support on MX devices

by in Security & SD-WAN
‎May 3 2019 12:58 PM
3 Kudos
‎May 3 2019 12:58 PM
3 Kudos
For reference here is the procedure to change the lifetime on Azure as recommended by Meraki support.   Connect to azure Powershell and execute the following commands : Get existing connexion : $vpnconnection = Get-AzVirtualNetworkGatewayConnection -Name CONNEXION_NAME-ResourceGroupName RESSOURCE_GROUPE Create IKEv2 Policy (Default for Meraki is AES256 Encryption for both phase and SHA1 Integrity. $ipsecpolicy = New-AzIpsecPolicy -IpsecEncryption AES256 -IpsecIntegrity SHA1 ` -IkeEncryption AES256 -IkeIntegrity SHA1 -DhGroup DHGroup2 ` -PfsGroup None -SALifeTimeSeconds 3600 Set policy for connexion   Set-AzVirtualNetworkGatewayConnection -VirtualNetworkGatewayConnection $connection6 -IpsecPolicies $ipsecpolicy6 -UsePolicyBasedTrafficSelectors $True Note that once IKEv2 is activated in Meraki you can change the algorithms supported.   ... View more

Re: Feature Request: IKEv2 Support in MX appliances

by in Security & SD-WAN
‎May 2 2019 10:44 AM
2 Kudos
‎May 2 2019 10:44 AM
2 Kudos
I just contacted the Meraki support. I was asked to upgrade my firmware to beta and call them back to enable IKEv2. Update is schedule for this evening. I will tell you how it worked. ... View more
© 2024 Cisco Systems, Inc.