Time Poor? You only need a minute to Set Up a Cisco Meraki Site-to-Site VPN.
VPNs can be confusing and time consuming to setup. There's every chance of making a mistake and leaving your network with a security risk. Meraki AutoVPN is here to help.
IPTel have been training hard and we now have four Certified Meraki Network Associates (CMNA) in our team. We're trained and ready to go!
The depth of configuration possible is really impressive, and the ease of which you can configure is pretty cool. With everything web based, you can easily configure via the GUI.
Its fair to say there are a lot of settings - you could tie yourself in knots if you're not careful, but for the initiated, its a great system to configure.
In this blog we're going to take a look at the concept of site-to-site virtual private networks (VPN for short!).
Setting Up your VPN with Meraki
If yours is one of a growing number of companies who offer their employees the opportunity to work remotely, you might have experienced some difficulty in ensuring the integrity and security of company data when outside of the local network. Virtual Private Networks (VPNs) provide the means to satisfy these requirements, while allowing remote workers access to the local company network as if they are present in the main office.
If simple setup and ease of maintenance are valuable considerations for your company, or if you simply do not want to spend network engineering resources on managing VPNs, then a Meraki cloud managed solution could be the right fit for you.
A teleworker will need a Meraki MX Security Appliance at their premises, which will be visible on the organisation's Meraki Dashboard (as well as all other Meraki devices in the organisation).
The MX Appliance is shown below:
If you have concerns about your network configuration or management, why not consider a Meraki Managed Service?
Meraki AutoVPN technology can then be used to create VPN tunnels (full tunnel or split-tunnel) between any security device of your choice. In our case, it will be between the MX device at the central office (hub) and the MX device at the teleworker premises (spoke), using the following two simple steps:
1. In the Meraki Dashboard for your central office network (let's call the network "HQ"), click on:
- Security Appliance > Configure > Site-to-site VPN > click the Hub (Mesh) radio button
- From the dropdowns below, choose which local company networks to allow over the VPN.
2. Then, from the network dropdown at the top of the page, choose the network associated to the teleworker premises (let's call it "Teleworker 123"). Once the screen refreshes into the Teleworker network, choose the following:
- Site-to-site VPN >click the Spoke radio button
- From the Hubs dropdown beneath the spoke radio button, Choose HQ as the hub.
- Choose the locally connected networks at the Teleworker 123 location that should be allowed over the VPN.
Meraki AutoVPN: Building VPN Tunnels
The AutoVPN feature will create an IPsec tunnel between the two MX devices, and will even rebuild the VPN tunnel between the peers in a dynamic IP environment, which is typical of a teleworker site where the ISP will usually allocate a new public IP address each time the gateway device is rebooted.
All of this is transparent to the end user - it just works!
Note there are more options to tailor the VPN tunnel, but the above steps will provide a fully- functioning tunnel in about one minute.
In instances where maybe the teleworker does not yet have a Meraki MX device at their premises, then the central MX can still form third party VPNs with other vendors' products (subject to some caveats), using the following supported protocols: L2TP, PPTP, IPsec (Cisco), and Cisco AnyConnect.
Meraki MX64 Security Appliance
Setting up VPNs can be difficult, depending on whether the requirement is to implement the VPN through a client device using software installed on the device, or to set up the VPN on a gateway device such as a router or security appliance.
Either way, this normally requires some degree of technical knowledge and can include a number of configuration steps.
Site to Site VPN: Made easy with Meraki: Summary
Meraki makes it easy to setup your Site to Site VPN. SD-WAN is becoming ever more common, so the ability to use Meraki to easily configure your WAN, makes this simple and gives you peace of mind.
Many businesses have remote branch offices, so this can get pretty complicated - and expensive - when you install a complex SD-WAN solution.
Meraki makes this easy, meaning you can simplify your security, using the auto-VPN feature in the Meraki MX appliances to build out the site-site VPN capability for you.
Once configured, you can monitor and manage via the cloud.
While the site-site VPN is only one feature that Meraki brings, it forms part of an overall suite of features that are all designed to make your life as a network administrator that much easier.
- Meraki Cloud Wi-Fi
- Meraki Managed Service
- Cisco Meraki Access Points
- Cisco Meraki Switching
- Cisco Meraki Dashboard
If you're after a few tips and tricks in the Wi-Fi space, have a look at our Top 8 Secrets to Great Wi-Fi eBook.
Meraki Made Simple: Meet Dave
Want to hear more about Meraki?