
How to easily set up a Site-to-Site VPN using Cisco Meraki

Feb 24, 2021 | Meraki, VPN

A site-to-site VPN allows for full encryption of data between two locations by tunneling through the public internet. Cisco Meraki MX Firewalls offer some of the easiest ways to configure multiple work sites (Offices, Buildings, etc.) to communicate securely with each other using multiple MX Firewall devices to create a site-to-site VPN.

Meraki MX Firewalls use what Meraki calls a “Hub and Spoke” topology. In short, all devices set to “Hub” can connect and talk to each other, while devices configured as “Spoke” can only talk to devices configured as Hub. This is useful when you have a Main Office with multiple branches: you can configure Branch A and Branch B to communicate with the Main Office, but not have the ability to talk with each other.

You can set up a Hub device with the following steps:

  1. Navigate to the Dashboard Network of the MX that will act as the hub.
  2. Navigate to Security & SD-WAN > Configure > Site-to-site VPN.
  3. Set the Type to Hub (Mesh).
  4. (Optional) If another MX in the organization is also configured as a hub, it can be added as an Exit hub. If configured, all VPN client traffic to this MX will be tunneled to the specified exit hub.
  5. Configure any other VPN settings desired (local networks, NAT traversal, etc.).
  6. Save.

You can configure a Spoke device with the following steps:

  1. Navigate to the Dashboard Network of the MX that will act as the spoke.
  2. Navigate to Security & SD-WAN > Configure > Site-to-site VPN.
  3. Set the Type to Spoke.
  4. Select the hub MX under the Name drop-down. Multiple hubs can be added and prioritized in descending order.
  5. Select at least one hub for a Default route:
    1. If a hub is not configured as a default route, the spoke will only send traffic to this hub when the destination subnet is advertised by the hub.
    2. If a hub is configured as a default route, any traffic that is not destined for a higher-priority hub will be sent by default to this hub.
  6. Configure any other VPN settings desired (local networks, NAT traversal, etc.).
  7. Save.

 

Once saved, the MX set as “Spoke” will form a VPN tunnel with the specified hub(s).
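The spoke steps above can also be expressed as a Meraki Dashboard API v1 request, which makes the hub order, default-route choice and advertised subnets reviewable before they are applied. This is an added example, not code from the original post: the network IDs, subnets and API key are constructed placeholders, and the `require_default_route` check is an assumption that mirrors step 5.

```python
import ipaddress
import json
import urllib.request

API = "https://api.meraki.com/api/v1"  # Dashboard API v1 base URL

def spoke_payload(hubs, subnets, require_default_route=True):
    """Build the site-to-site VPN body for a spoke (steps 3-6 above).

    hubs:    [(hub_network_id, use_default_route), ...], highest priority first
    subnets: [(local_cidr, use_vpn), ...]
    """
    if not hubs:
        raise ValueError("a spoke needs at least one hub")
    ids = [hub_id for hub_id, _ in hubs]
    if len(ids) != len(set(ids)):
        raise ValueError("the same hub is listed more than once")
    if require_default_route and not any(dflt for _, dflt in hubs):
        raise ValueError("no hub is marked as a default route (step 5)")
    # Strict parsing rejects typos such as 10.20.0.5/24 (host bits set).
    nets = [(str(ipaddress.ip_network(cidr)), bool(vpn)) for cidr, vpn in subnets]
    return {
        "mode": "spoke",
        "hubs": [{"hubId": h, "useDefaultRoute": bool(d)} for h, d in hubs],
        "subnets": [{"localSubnet": n, "useVpn": v} for n, v in nets],
    }

def build_request(network_id, payload, api_key):
    """Prepare, without sending, the PUT that applies the payload."""
    return urllib.request.Request(
        f"{API}/networks/{network_id}/appliance/vpn/siteToSiteVpn",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
    )

if __name__ == "__main__":
    # Constructed placeholders: substitute real network IDs and subnets.
    body = spoke_payload(
        hubs=[("N_MAIN_OFFICE_PLACEHOLDER", True)],
        subnets=[("10.20.0.0/24", True), ("10.20.99.0/24", False)],
    )
    req = build_request("N_BRANCH_A_PLACEHOLDER", body, "API_KEY_PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
    # To apply: urllib.request.urlopen(req), with the key read from a secret store.
```

Setting `useVpn` to false for a subnet keeps it out of the tunnel, so only the networks the other site needs are advertised.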

PTSI Editorial Team
