Cisco Meraki Vpn Setup



Client VPN: Allow remote users to securely access files and services on the network through an encrypted tunnel over the Internet.

How Auto VPN Works

  • Meraki Auto VPN technology is a unique solution that allows site-to-site VPN tunnel creation with a single mouse click. When enabled through the Dashboard, each participating MX-Z device automatically does the following: Advertises its local subnets that are participating in the VPN.
  • Flexible tunneling, topology, and security policies: Cisco Meraki’s unique auto-provisioning site-to-site VPN connects branches securely, without tedious manual VPN configuration. Leveraging the power of the cloud, MX Security Appliances configure, monitor, and maintain your VPN so you don't have to.
  • Configure the connection. Create and configure the connection between Azure and your on-site router. I used the cmdlet New-Guid to randomly generate a PassPhrase and output the results so that I can use it in the next step to configure pfSense. Cisco Meraki Steps: Configure site-to-site VPN. Log in to your Meraki dashboard https://dashboard.
  1. MX1 and MX2 are part of the same organization. MX1 and MX2 are configured to participate in Auto VPN. Both MX1 and MX2 send a Register Request message to their VPN registry in order to share their own contact information, and to get the contact information of the peer MX(s) that it should form a VPN tunnel with. The Register Request message contains the IP address and the UDP port that the MX communicates on, and the MX requests the contact information of its peer MX(s).
  2. VPN registries send the Register Response messages to the MXs with the contact information of the peers the MXs should establish a tunnel with.
  3. Once the information is shared with the MX about its peers, a VPN tunnel is formed MX to MX. The Meraki cloud already knows the subnet information for each MX, and now the IP addresses to use for tunnel creation. The cloud pushes a key to the MXs in their configuration which is used to establish an AES encrypted IPsec-like tunnel. Local subnets specified by dashboard admins are exported/shared across VPN. During this process, VPN routes are pushed from the dashboard to the MXs. Finally, the dashboard will dynamically push VPN peer information (e.g., exported subnets, tunnel IP information) to each MX. Every MX stores this information in a separate routing table.

Ports used to contact the VPN registry:

  • Source UDP port range 32768-61000
  • Destination UDP port 9350 or UDP port 9351

Ports used for IPsec tunneling:

  • Source UDP port range 32768-61000
  • Destination UDP port range 32768-61000
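
The two port lists above translate directly into an egress check for a firewall that sits upstream of an MX. This added example is not from the original page or from Meraki; the rule model, first-match evaluation, default-deny policy and the `SAMPLE` rules are assumptions constructed for illustration.

```python
from collections import namedtuple

# One egress rule (constructed model, not a vendor format): action is "allow"/"deny",
# proto is "udp"/"tcp"/"any", src and dst are inclusive (low, high) port ranges.
Rule = namedtuple("Rule", "action proto src dst")
ANY, EPHEMERAL = (0, 65535), (32768, 61000)

# UDP flows an MX must be able to send, taken from the two port lists above.
REQUIRED = {
    "vpn-registry": (EPHEMERAL, (9350, 9351)),
    "ipsec-tunnel": (EPHEMERAL, EPHEMERAL),
}

def verdict(rules, proto, sport, dport, default="deny"):
    """First matching rule wins; otherwise the default policy applies."""
    for r in rules:
        if (r.proto in (proto, "any") and r.src[0] <= sport <= r.src[1]
                and r.dst[0] <= dport <= r.dst[1]):
            return r.action
    return default

def segments(span, rules, field):
    """Cut span at every rule boundary so each piece is matched uniformly."""
    lo, hi = span
    cuts = {lo, hi + 1}
    for r in rules:
        a, b = getattr(r, field)
        cuts.update(c for c in (a, b + 1) if lo < c <= hi)
    pts = sorted(cuts)
    return [(p, q - 1) for p, q in zip(pts, pts[1:])]

def audit(rules, default="deny"):
    """Map each required flow to the (src range, dst range) pieces not allowed."""
    gaps = {}
    for name, (src, dst) in REQUIRED.items():
        blocked = [(s, d) for s in segments(src, rules, "src")
                   for d in segments(dst, rules, "dst")
                   if verdict(rules, "udp", s[0], d[0], default) != "allow"]
        if blocked:
            gaps[name] = blocked
    return gaps

SAMPLE = [  # constructed sample policy for a firewall upstream of an MX
    Rule("allow", "udp", ANY, (9350, 9350)),       # only one registry port opened
    Rule("deny", "udp", ANY, (50000, 65535)),      # blanket high-port block
    Rule("allow", "udp", EPHEMERAL, EPHEMERAL),    # shadowed above 49999 by the deny
]
```

`audit(SAMPLE)` reports that destination port 9351 and tunnel destination ports 50000-61000 are blocked, the second because the earlier deny rule shadows the later allow.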

The VPN connection can be monitored under Security & SD-WAN > Monitor > VPN Status page. The status of each MX is displayed, along with their exported subnets, latency, connectivity and routing decisions that are being made over the Auto VPN domain in near real-time.

Auto VPN vs Non-Meraki Site-to-Site VPN

  • Auto VPN is a VPN connection between/among the MXs in different networks of the same Meraki dashboard organization.
  • Non-Meraki site-to-site VPN is used when you form a VPN tunnel with a third-party/non-Meraki device or when you establish a VPN connection with an MX in a different dashboard organization.
  • Like Non-Meraki Site-to-Site VPN, Auto VPN has encryption, authentication and a key. The traffic is encrypted using an AES cipher. However, all of this is transparent to users and does not need to be (and cannot be) modified.

Auto VPN - A Component of Meraki SD-WAN

SD-WAN Characteristics | Meraki SD-WAN Component
Support for VPNs | Meraki Auto VPN
Multiple connection types (MPLS, Internet, LTE, etc.) | MX uplink options allow for multiple connection types.
Dynamic path selection (allows for load sharing across WAN connections) | MX devices can perform uplink load balancing across WAN connections
Simple WAN configuration interface (must support zero-touch provisioning at a branch, should be easy to set up) | Meraki dashboard & API configuration interfaces

Auto VPN, as a component of SD-WAN, turns the manual steps for setting up a VPN tunnel into a simple automated process. It takes only a few clicks and makes it easy to deploy and manage an SD-WAN environment, and it provides resilience, security and application optimization. VPN routes are generated automatically using the IKE/IPsec-like tunnels, and all of this is done in the Meraki cloud.

If you have two uplinks on your MX, Auto VPN as a component of SD-WAN allows you to decide the flow preferences within the VPN tunnel under Security & SD-WAN > Configure > SD-WAN & Traffic Shaping page > Uplink Selection > Active-Active Auto VPN. Active-active Auto VPN allows you to create a VPN tunnel with flow preferences over both the uplinks.

If active-active Auto VPN is disabled, the tunnel will be formed over the primary WAN link and will failover to the secondary if the primary fails.