
Mar 02

Site to Site VPN: Made easy with Meraki

Time Poor? You only need a minute to Set Up a Cisco Meraki Site-to-Site VPN.

IPTel have been training hard and we now have four Certified Meraki Network Associates (CMNA) in our team. We're trained and ready to go!

The training was really interesting in the breadth and depth of the Meraki solution - there's a wider product line than you'd imagine (switches, security appliances, APs and cameras - phones are on the way too).



Meraki MV Camera

The depth of configuration possible is really impressive, and the ease with which you can configure it is pretty cool. With everything web based, you can easily configure via the GUI. It's fair to say there are a lot of settings - you could tie yourself in knots if you're not careful, but for the initiated, it's a great system to configure.

Setting Up your VPN with Meraki

If yours is one of a growing number of companies who offer their employees the opportunity to work remotely, you might have experienced some difficulty in ensuring the integrity and security of company data when outside of the local network. Virtual Private Networks (VPNs) provide the means to satisfy these requirements, while allowing remote workers access to the local company network as if they are present in the main office.






If simple setup and ease of maintenance are valuable considerations for your company, or if you simply do not want to spend network engineering resources on managing VPNs, then a Meraki cloud managed solution could be the right fit for you.

A teleworker will need a Meraki MX Security Appliance at their premises, which will be visible on the organisation’s Meraki Dashboard (as well as all other Meraki devices in the organisation).

Setting up Meraki AutoVPN

Meraki AutoVPN technology can then be used to create VPN tunnels (full tunnel or split tunnel) between the security appliances of your choice. In our case, it will be between the MX device at the central office (hub) and the MX device at the teleworker premises (spoke), using the following two simple steps:

1. In the Meraki Dashboard for your central office network (let’s call the network “HQ”), click on:

Security Appliance > Configure > Site-to-site VPN > click the Hub (Mesh) radio button

From the dropdowns below, choose which local company networks to allow over the VPN.

2. Then, from the network dropdown at the top of the page, choose the network associated with the teleworker premises (let’s call it “Teleworker 123”). Once the screen refreshes into the Teleworker network, choose the following:

Site-to-site VPN > click the Spoke radio button

From the Hubs dropdown beneath the Spoke radio button, choose HQ as the hub.

Choose the locally connected networks at the Teleworker 123 location that should be allowed over the VPN.
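
The same two choices (hub or spoke, and which subnets are allowed over the VPN) can be written as the settings bodies that the Meraki Dashboard API v1 takes for a network's site-to-site VPN (`PUT /networks/{networkId}/appliance/vpn/siteToSiteVpn`) and checked before they are applied. This is an added example, not IPTel or Meraki code; the hub ID `N_HQ_PLACEHOLDER` and all subnets are constructed values, the helper names are hypothetical, and nothing is sent to the Dashboard.

```python
import ipaddress

def vpn_settings(mode, subnets, hub_id=None, full_tunnel=False):
    """Build the site-to-site VPN settings body for one network.

    subnets maps a local CIDR to True/False (allowed over the VPN or not).
    """
    if mode not in ("hub", "spoke"):
        raise ValueError("mode must be 'hub' or 'spoke'")
    body = {"mode": mode, "subnets": [
        # ip_network() rejects typos such as 10.0.10.1/24 (host bits set)
        {"localSubnet": str(ipaddress.ip_network(cidr)), "useVpn": bool(allowed)}
        for cidr, allowed in subnets.items()]}
    if mode == "spoke":
        if not hub_id:
            raise ValueError("a spoke must name its hub network")
        # useDefaultRoute=True is full tunnel, False is split tunnel
        body["hubs"] = [{"hubId": hub_id, "useDefaultRoute": full_tunnel}]
    return body

def exported(body):
    """Subnets this network will advertise into the VPN."""
    return [ipaddress.ip_network(s["localSubnet"])
            for s in body["subnets"] if s["useVpn"]]

def review(hub, spoke):
    """List points to check before the settings are applied."""
    findings = [f"overlap: hub {h} / spoke {s}"
                for h in exported(hub) for s in exported(spoke) if h.overlaps(s)]
    if not exported(spoke):
        findings.append("spoke exports no subnet; nothing there is reachable over the VPN")
    if any(h["useDefaultRoute"] for h in spoke.get("hubs", [])):
        findings.append("full tunnel: all spoke traffic is routed via the hub")
    return findings

# Constructed sample values; N_HQ_PLACEHOLDER stands in for the HQ network ID.
HQ = vpn_settings("hub", {"10.0.10.0/24": True, "10.0.20.0/24": False})
TELEWORKER = vpn_settings("spoke", {"192.168.128.0/24": True},
                          hub_id="N_HQ_PLACEHOLDER")

if __name__ == "__main__":
    for name, body in (("HQ", HQ), ("Teleworker 123", TELEWORKER)):
        print(name, body)
    print(review(HQ, TELEWORKER) or "no findings")
```

Keeping subnets that do not need to be reachable set to `useVpn: False`, as with `10.0.20.0/24` here, limits what a teleworker site can reach at HQ.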


Meraki AutoVPN: Building VPN Tunnels

The AutoVPN feature will create an IPsec tunnel between the two MX devices, and will even rebuild the VPN tunnel between the peers in a dynamic IP environment, which is typical of a teleworker site where the ISP will usually allocate a new public IP address each time the gateway device is rebooted.

All of this is transparent to the end user – it just works!

Note there are more options to tailor the VPN tunnel, but the above steps will provide a fully-functioning tunnel in about one minute.

Where the teleworker does not yet have a Meraki MX device at their premises, the central MX can still form third-party VPNs with other vendors’ products (subject to some caveats), using the following supported protocols: L2TP, PPTP, IPsec (Cisco), and Cisco AnyConnect.

Meraki MX64 Security Appliance

Setting up VPNs can be difficult, depending on whether the requirement is to implement the VPN through a client device using software installed on the device, or to set up the VPN on a gateway device such as a router or security appliance.

Either way, this normally requires some degree of technical knowledge and can include a number of configuration steps.

