Skip to main content

Search

How can we help ?

Cisco Meraki MX - routing (tunnels) deployment

Alexandre de THOMASSON
  • Updated

This article will guide you through configuring a captive portal using a VPN tunnel to Cloudi-Fi, ensuring a seamless and secure network connection.

                                                            

 

Prerequisites:

Before diving into the configuration process, ensure you have the following:

  1. Access to the Meraki management console.
  2. Access to the Cloudi-Fi management console. 
  3. Basic understanding of networking concepts and VPN configurations.

Get VPN Parameters Information from Interface:

You will need the VPN information (VPN Key, VPN Secret and endpoints) to set up.

  1. Access your Cloudi-Fi admin console
  2. Navigate to the "Locations" section
  3. Next, select your location and "Edit Location". 

Cloudi-Fi admin console - Get VPN credentials


Step 1: Select the network to Forward in the IPSec Tunnel

  1. Access the Meraki MX management console.

  2. Locate and select "Security & SD-WAN" from the left-hand menu.

  3. Next, "Site-to-site VPN" section
  4. Choose which Meraki network will be forwarded in the IPSec tunnel :
    1. You can create Site-to-site VPN tunnels between the MX appliance and Cloudi-Fi VPN endpoint under the Non-Meraki VPN peers section in the Security Appliance Configure Site-to-site VPN page.

Step 2: Configure Site-to-Site VPN

  1. Under the "Site-to-site VPN" section, click on "Non-Meraki VPN peers" and then click the "Add a peer" button.
  2. Enter the Cloudi-Fi-provided information into the respective fields:
    1. A name for your VPN tunnel.
    2. The public IP address of the peer IP
    3. The hub should be configured as a default route for the Spoke (option to select). E.g. 0.0.0.0/0 should be specified as a default route to this peer.
    4. The preshared secret key (PSK)
    5. IPsec policies
      1. Use the Custom policy option to configure the IPsec policy manually to match the Zscaler Supported Parameters. 

If you have a dynamic public IP, you must contact Meraki support to activate a feature allowing you to use an FQDN as a VPN identifier.
Once the feature is activated, you will have a new field named "User FQDN" for the VPN configuration:

 

Troubleshooting:

If you encounter any issues during the configuration process or experience connectivity problems after setting up the VPN tunnel, consider the following troubleshooting steps:

  1. Verify that the IPsec PSK and other parameters are correctly entered into the Meraki MX configuration.
  2. Check for any misconfigurations in the traffic selector settings.
  3. Review logs and event messages on both Meraki MX for any error indications.
  4. Additional troubleshooting from the Meraki documentation here