This article will guide you through configuring a captive portal using a VPN tunnel to Cloudi-Fi, ensuring a seamless and secure network connection.
Before diving into the configuration process, ensure you have the following:
- Access to the Meraki management console.
- Access to the Cloudi-Fi management console.
- Basic understanding of networking concepts and VPN configurations.
Get VPN Parameters Information from the Cloudi-Fi Interface:
You will need the VPN information (VPN Key, VPN Secret and endpoints) to set up.
- Access your Cloudi-Fi admin console.
- Navigate to the "Locations" section
- Next, select your location and "Edit Location".
Step 1: Select the network to Forward in the IPSec Tunnel
- Access the Meraki MX management console.
Locate and select "Security & SD-WAN" from the left-hand menu.
- Next, "Site-to-site VPN" section
- Choose which Meraki network will be forwarded in the IPSec tunnel :
- You can create Site-to-site VPN tunnels between the MX appliance and Cloudi-Fi VPN endpoint under the Non-Meraki VPN peers section in the Security Appliance Configure Site-to-site VPN page.
Step 2: Configure Site-to-Site VPN
- Under the "Site-to-site VPN" section, click on "Non-Meraki VPN peers" and then click the "Add a peer" button.
- Enter the Cloudi-Fi-provided information into the respective fields:
- A name for your VPN tunnel.
- The public IP address of the peer IP
- The hub should be configured as a default route for the Spoke (option to select). E.g. 0.0.0.0/0 should be specified as a default route to this peer.
- The pre-shared secret key (PSK)
- IPsec policies
- Use the Custom policy option to configure the IPsec policy manually to match the Zscaler Supported Parameters.
If you have a dynamic public IP, you must contact Meraki support to activate a feature allowing you to use an FQDN as a VPN identifier.
Once the feature is activated, you will have a new field named "User FQDN" for the VPN configuration:
If you encounter any issues during the configuration process or experience connectivity problems after setting up the VPN tunnel, consider the following troubleshooting steps:
- Verify that the IPsec PSK and other parameters are correctly entered into the Meraki MX configuration.
- Check for any misconfigurations in the traffic selector settings.
- Review logs and event messages on both Meraki MX for any error indications.
- Additional troubleshooting from the Meraki documentation here
All MX-Z devices in your organisation can use a non-Meraki peer setup. However, because you may not want every device to build tunnels with a non-Meraki peer, the Availability column allows you to decide which equipment within your organisation will connect to each peer.
When "All networks" is selected as a peer, all MX-Z appliances in the organisation will connect to that peer. When a specific network tag or collection of tags is selected, only networks that have one or more of the given tags will create connections with that peer.