The connection randomly drops. As I wrote in my recent post here, I was involved in a project to implement a Meraki MX in the Azure Cloud.
You should also check these settings on your local site's Dashboard network to ensure that the subnet you're connecting from is also advertised.
Meraki site-to-site VPN Cisco ASA. The Z1 will be taken to different sites so it will have different IP addresses. I got engaged in VPN troubleshooting between ASA and Meraki MX. The steps were similar to this and performed on our ASA 5510.
Navigate to Security & SD-WAN > Configure > Site-to-site VPN and you will see the following list of options. Has anyone set up a site-to-site VPN connection from a Cisco ASA to a Meraki/Cisco Z1? Under the General Settings tab, select the radio button for Pre-Shared Key and enter the key string exactly as it appears on the MX under Security & SD-WAN > Configure > Site-to-site VPN > Organization-wide settings > Non-Meraki VPN peers > Preshared secret.
However, I am seeing this output from sh crypto ipsec sa. Site-to-site VPN tunnels between Meraki MX and Cisco ASA. Use site-to-site VPN to create a secure encrypted tunnel between Cisco Meraki appliances and other non-Meraki endpoints.
If Hub type is selected, this will be your exit hub. When there is a mismatch, the most common result is that the VPN stops functioning when one site's lifetime expires. Under the Gateways tab, click Add and give the gateway an appropriate name.
access-list IPSEC extended permit ip 101000 25525500 102090 2552552550. This project also includes a migration phase with site-to-site VPN tunnels between Meraki MX and Cisco ASA. If so, how did you configure the Cisco ASA?
On the Meraki side of the configuration it will all be done by using the Meraki dashboard. Cisco Adaptive Security Appliance Software version 8.3 and later. The diagram below shows the connection between the 2 sites participating in the site-to-site VPN.
Make sure you have configured the Cisco Adaptive Security Appliance with IP addresses on the interfaces and have basic connectivity before you proceed with this configuration example. The Tunnel Group Name will be automatically filled in for you based upon the peer IP address. Site-to-site VPN Meraki Auto VPN technology is a unique solution that allows site-to-site VPN tunnel creation with a single mouse click.
The information in this document is based on this software version. On the left hand side click on VPN-Branch Office VPN.
I have a Meraki MX80 with the current firmware connected to a Cisco ASA version 9.4 over a site-to-site VPN. Meraki MX80 to Cisco ASA Site-to-Site VPN Randomly Drops. Select the radio button for Pre-shared key under Authentication Method and enter the key exactly as it appears on the MX under Security & SD-WAN > Configure > Site-to-site VPN > Organization-wide settings > Non-Meraki VPN peers > Preshared secret.
Turn off IKEv2 since Meraki only supports v1. Cisco Meraki products by default use a lifetime of 8 hours (28800 seconds) for both IKE phase 1 and IKE phase 2. Leave the VPN interface as outside and enter the peer IP, which in my case was the WAN IP of one of the MX64 devices.
This article will outline the process for configuring a site-to-site VPN between an MX Security Appliance and a Cisco 2800 series router using the command line interface. It seems like all looks okay from an IKE negotiation, routing, NAT, and interesting traffic perspective. When enabled through the Dashboard, each participating MX-Z device automatically does the following.
On the remote side's Dashboard network, navigate to Security & SD-WAN > Configure > Site-to-site VPN. Under Local networks, make sure the Use VPN toggle is set to Yes for the subnet you're trying to reach. I've got a quick question.
Go to Wizards – VPN Wizard – Site-to-Site VPN Wizard and click Next to continue. Advertises its local subnets that are participating in the VPN. Configure the MX side as explained here.