Describes how to configure your VPN tunnel to Cloudi-Fi using Meraki MX
Non-Meraki VPN peers with a default route
Choose which Meraki network will be forwarded in the IPSec tunnel :
You can create Site-to-site VPN tunnels between the MX appliance and Cloudi-Fi VPN endpoint under the Non-Meraki VPN peers section in the Security Appliance Configure Site-to-site VPN page.
Then click "Add a peer" and enter the following information:
· A name for your VPN tunnel.
· The public IP address of the peer IP communicated in your onboarding document.
· The hub should be configured as a default route for the Spoke (option to select), e.g. 0.0.0.0/0
should be specified as a default route to this peer.
· The IPsec policy to use.
· The preshared secret key (PSK) communicated in your onboarding document.
Use the Custom policy option to configure the IPsec policy manually
If you have a dynamic public IP, you must contact Meraki support to activate a feature allowing you to use an FQDN as a VPN identifier.
Once the feature is activated, you will have a new field named "User FQDN" for the VPN configuration:
Monitoring site-to-site VPN:
You can monitor the status of the site-to-VPN tunnels between your Meraki devices by clicking Security Appliance Monitor VPN Status. This page provides real-time status for the configured Meraki site-to-site VPN tunnels. It lists the subnet(s) being exported over the VPN, connectivity information between the MX appliance and the Meraki VPN registry, NAT Traversal information, and the encryption type used for all tunnels. Additionally, the Site connectivity list provides the following information for remote Meraki VPN peers:
Name of the remote Meraki VPN peer:
- Subnets that are being advertised over the VPN by the remote peer device.
- Status (whether the peer is currently reachable).
- Round-trip packet latency over the VPN (in milliseconds).
- Last time a heartbeat packet was sent to determine the status of the VPN tunnel (in seconds).
Additional troubleshooting from the Meraki documentation here
You can visit our Cisco Meraki partner page for more information and contact details.