This article will guide you through configuring a captive portal using a VPN tunnel to Cloudi-Fi, ensuring a seamless and secure network connection.
Prerequisites:
Before diving into the configuration process, ensure you have the following:
- Access to the Meraki management console.
- Access to the Cloudi-Fi management console.
- Basic understanding of networking concepts and VPN configurations.
Get the VPN Parameters from the Cloudi-Fi Interface:
You will need the VPN information (VPN Key, VPN Secret and endpoints) to set up the tunnel.
- Access your Cloudi-Fi admin console.
- Navigate to the "Locations" section.
- Next, select your location and click "Edit Location".
Step 1: Select the Network to Forward in the IPsec Tunnel
- Access the Meraki MX management console.
- Locate and select "Security & SD-WAN" from the left-hand menu.
- Next, open the "Site-to-site VPN" section.
- Choose which Meraki network will be forwarded in the IPsec tunnel.
- You can create Site-to-site VPN tunnels between the MX appliance and the Cloudi-Fi VPN endpoint under the Non-Meraki VPN peers section of the Security Appliance > Configure > Site-to-site VPN page.
Step 2: Configure Site-to-Site VPN
- Under the "Site-to-site VPN" section, click on "Non-Meraki VPN peers" and then click the "Add a peer" button.
- Enter the Cloudi-Fi-provided information into the respective fields:
  - A name for your VPN tunnel.
  - The public IP address of the peer.
  - The hub should be configured as a default route for the Spoke (option to select). For example, 0.0.0.0/0 should be specified as a default route to this peer.
  - The preshared secret key (PSK).
  - IPsec policies.
    - Use the Custom policy option to configure the IPsec policy manually to match the Zscaler Supported Parameters.
If you have a dynamic public IP, you must contact Meraki support to activate a feature allowing you to use an FQDN as a VPN identifier.
Once the feature is activated, you will have a new field named "User FQDN" for the VPN configuration.
Troubleshooting:
If you encounter any issues during the configuration process or experience connectivity problems after setting up the VPN tunnel, consider the following troubleshooting steps:
- Verify that the IPsec PSK and other parameters are correctly entered into the Meraki MX configuration.
- Check for any misconfigurations in the traffic selector settings.
- Review logs and event messages on the Meraki MX for any error indications.
- Additional troubleshooting guidance is available in the Meraki documentation.
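The first two troubleshooting checks can be run as a pre-flight test on the values you are about to enter for the peer. This is an added example, not Cloudi-Fi or Meraki code; the dictionary keys, the `check_peer` function and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress

# Address ranges that can never be a reachable public VPN endpoint.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")

def check_peer(peer, has_static_public_ip=True):
    """Return a list of problems in a non-Meraki VPN peer definition.
    The PSK is inspected but never printed or returned."""
    problems = []
    if not peer.get("name", "").strip():
        problems.append("name: missing")
    try:
        ip = ipaddress.IPv4Address(peer.get("public_ip", ""))
        if any(ip in net for net in NON_ROUTABLE):
            problems.append("public_ip: not a public address")
    except ValueError:
        problems.append("public_ip: not a valid IPv4 address")
    # Traffic selector: 0.0.0.0/0 must be routed to this peer.
    subnets = set()
    for cidr in peer.get("private_subnets", []):
        try:
            subnets.add(ipaddress.ip_network(cidr, strict=True))
        except ValueError:
            problems.append(f"private_subnets: bad CIDR {cidr!r}")
    if DEFAULT_ROUTE not in subnets:
        problems.append("private_subnets: 0.0.0.0/0 default route missing")
    # Copy and paste often adds whitespace, which makes the PSK mismatch.
    psk = peer.get("psk", "")
    if not psk:
        problems.append("psk: missing")
    elif psk != psk.strip():
        problems.append("psk: leading or trailing whitespace")
    if peer.get("ipsec_policy") != "custom":
        problems.append("ipsec_policy: must be custom")
    if not has_static_public_ip and not peer.get("user_fqdn"):
        problems.append("user_fqdn: required with a dynamic public IP")
    return problems

# Constructed sample; 203.0.113.10 is a documentation address, not a real endpoint.
SAMPLE = {"name": "cloudi-fi", "public_ip": "203.0.113.10",
          "private_subnets": ["0.0.0.0/0"], "psk": "constructed-sample-psk",
          "ipsec_policy": "custom"}

if __name__ == "__main__":
    print(check_peer(SAMPLE) or "no problems found")
```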