Blog

Meraki Site to Site VPN

Written by IPTel Solutions | 25 September 2024 6:26:16 AM

Time Poor? You only need a minute to Set Up a Cisco Meraki Site-to-Site VPN.

VPNs can be confusing and time consuming to setup. There's every chance of making a mistake and leaving your network with a security risk. Meraki AutoVPN is here to help.

IPTel have been training hard and we now have four Certified Meraki Network Associates (CMNA) in our team. We're trained and ready to go!

The training was really interesting in the breadth and depth of the Meraki solution - there's a wider product line than you'd imagine (Meraki switches, security appliances, APs and cameras).

The depth of configuration possible is really impressive, and the ease of which you can configure is pretty cool. With everything web based, you can easily configure via the GUI.

Its fair to say there are a lot of settings - you could tie yourself in knots if you're not careful, but for the initiated, its a great system to configure.

ASSOCIATED BLOGS:

In this blog we're going to take a look at the concept of site-to-site virtual private networks (VPN for short!).

Setting Up your VPN with Meraki

If yours is one of a growing number of companies who offer their employees the opportunity to work remotely, you might have experienced some difficulty in ensuring the integrity and security of company data when outside of the local network. Virtual Private Networks (VPNs) provide the means to satisfy these requirements, while allowing remote workers access to the local company network as if they are present in the main office.

If simple setup and ease of maintenance are valuable considerations for your company, or if you simply do not want to spend network engineering resources on managing VPNs, then a Meraki cloud managed solution could be the right fit for you.

A teleworker will need a Meraki MX Security Appliance at their premises, which will be visible on the organisation's Meraki Dashboard (as well as all other Meraki devices in the organisation).

The MX Appliance is shown below:

If you have concerns about your network configuration or management, why not consider a Meraki Managed Service?

ASSOCIATED BLOGS:

Meraki AutoVPN

Meraki AutoVPN technology can then be used to create VPN tunnels (full tunnel or split-tunnel) between any security device of your choice. In our case, it will be between the MX device at the central office (hub) and the MX device at the teleworker premises (spoke), using the following two simple steps:

1. In the Meraki Dashboard for your central office network (let's call the network "HQ"), click on:

  • Security Appliance > Configure > Site-to-site VPN > click the Hub (Mesh) radio button
  • From the dropdowns below, choose which local company networks to allow over the VPN.

2. Then, from the network dropdown at the top of the page, choose the network associated to the teleworker premises (let's call it "Teleworker 123"). Once the screen refreshes into the Teleworker network, choose the following:

  • Site-to-site VPN >click the Spoke radio button
  • From the Hubs dropdown beneath the spoke radio button, Choose HQ as the hub.
  • Choose the locally connected networks at the Teleworker 123 location that should be allowed over the VPN.

Done!

ASSOCIATED BLOGS:

Meraki AutoVPN: Building VPN Tunnels

The AutoVPN feature will create an IPsec tunnel between the two MX devices, and will even rebuild the VPN tunnel between the peers in a dynamic IP environment, which is typical of a teleworker site where the ISP will usually allocate a new public IP address each time the gateway device is rebooted.

All of this is transparent to the end user - it just works!

Note there are more options to tailor the VPN tunnel, but the above steps will provide a fully- functioning tunnel in about one minute.

In instances where maybe the teleworker does not yet have a Meraki MX device at their premises, then the central MX can still form third party VPNs with other vendors' products (subject to some caveats), using the following supported protocols: L2TP, PPTP, IPsec (Cisco), and Cisco AnyConnect.

Meraki MX64 Security Appliance

Setting up VPNs can be difficult, depending on whether the requirement is to implement the VPN through a client device using software installed on the device, or to set up the VPN on a gateway device such as a router or security appliance.

Either way, this normally requires some degree of technical knowledge and can include a number of configuration steps.

ASSOCIATED BLOGS:


Site to Site VPN: Made easy with Meraki: Summary

Meraki makes it easy to setup your Site to Site VPN. SD-WAN is becoming ever more common, so the ability to use Meraki to easily configure your WAN, makes this simple and gives you peace of mind.

Many businesses have remote branch offices, so this can get pretty complicated - and expensive - when you install a complex SD-WAN solution.

Meraki makes this easy, meaning you can simplify your security, using the auto-VPN feature in the Meraki MX appliances to build out the site-site VPN capability for you.

Once configured, you can monitor and manage via the cloud.

While the site-site VPN is only one feature that Meraki brings, it forms part of an overall suite of features that are all designed to make your life as a network administrator that much easier.

ASSOCIATED BLOGS:

If you're after a few tips and tricks in the Wi-Fi space, have a look at our Top 8 Secrets to Great Wi-Fi eBook.

Meraki Made Simple: Meet Dave

Want to hear more about Meraki?

Meet Dave. Dave is an IT Manager with an ever-growing list of requirements from his network. Dave has a lot of network challenges and a lot of new devices and applications to look after.
 
In this short video, we explore how Dave can tame his network, reduce costs, centrally manage AND add functionality to his network. 
 
If you're interested to hear more about how Meraki can help your business, email us at sales@iptel.com.au or complete our Request a Quote form, if you're ready for some pricing.