Sorry - there are 2 ways to set up a VPN to AWS with a Meraki.   Both must be Static as Meraki does not support BGP for Dynamic.   1.  Create a Virtual Private Gateway and a Site to Site VPN Connection.. 2.  Create a Transit Gateway then create a Transit Gateway Attachment type of VPN.   I use option 2 due to our many VPCs and accounts.   It's just easier to route in and out of a TGW from a VPN than to route through a VPC when you're dealing with other accounts.   Either way, you'll need a static route table since the Meraki does not support BGP.   So, with option 1, you'll add your static routes to the VPN static route table.   Option 2 you will create a TGW Route Table, associate it to your VPN Attachment, and add the static routes there.    Either way, you'll need routes defined in the VPN to point to networks on the other side of the Meraki and on the AWS VPC side.   The Public IP on the AWS side is listed in the Configuration Download option for Meraki (as is the public key and such).   The Public IP for the Meraki that you would enter on the AWS VPN side for your customer gateway is Security & SD-WAN > Appliance Status > Uplink (tab) > General Public IP ... View more

I was able to confirm with Meraki that there is no API interface at this time to that configuration.   I've added it to the wish list and I, apparently, wasn't the only one. ... View more

Point 2:   I removed the optional local IP data from the VPN fields.  Local ID and Remote ID in the 3rd party VPN config I just leave blank   Point 5:  Ensure that your VPN on the AWS side has an associated route table with your meraki side internal networks (NATed?) pointing to the VPN and your AWS VPC destinations. Go to your VPN Attachment (I use TGWs) and configure the attachment route table.  Ensure that the Meraki side network address(es) have a route back to the VPN and that your AWS networks have routes to the VPCs. Same holds true for VPG configurations - VPC route table should point both ways. ... View more

I've been doing a lot of testing to get our AWS TGW VPNs connected to Meraki.   Here's what I've found: 1.  Make sure that your params match *exactly*.   I have mine set to sha256, aes256, and dh14 exclusively. 2.  I removed the optional local IP data from the VPN fields.  3.  Establish a route from an inside client and start a continuous ping.   Theoretically AWS using IKE2 can establish the tunnel from their side, but our Meraki is going through a NAT'd internet gateway so there's no path to establish from the AWS side. 4.  Ensure that your VPN on the AWS side uses the 0.0.0.0/0 subnet for local and remote subnet 5.  Ensure that your VPN on the AWS side has an associated route table with your meraki side internal networks (NATed?) pointing to the VPN and your AWS VPC destinations.   I was able to get mine running.   Also - using a lamda to update the Meraki destination VPN IP in case of an AZ failure. ... View more