If you need to create a site-to-site VPN between an ASA and Meraki Security Appliance, it’s fairly quick. I recommend using the CLI on the ASA for the configuration.
ASA CLI Configuration Steps:
Step 1: Configure ISAKMP Policy (Phase 1)
Step 2: Configure IPsec Transform set
Step 3: Create an access list matching the addresses to communicate over the VPN tunnel
Step 4: Exclude the VPN traffic from NAT
Step 5: Define a crypto map that references steps 2 and 3 and the outside interface of the MX. Only static crypto maps are supported.
    crypto map name number set transform-set transform_set_name
    crypto map name number set peer peer_ip
Step 6: Set the data lifetime to unlimited
Step 7: Apply the crypto map to the outside interface
Step 8: Configure the tunnel group and the pre-shared key.
    tunnel-group peer_ip ipsec-attributes
    pre-shared-key preshared_key
Meraki-Side Configuration Steps:
On the Meraki side, all of the configuration is done in the Meraki dashboard. Navigate to Security & SD-WAN > Configure > Site-to-Site VPN and you will see the following list of options:
- If ‘Hub’ type is selected, this will be your exit hub.
- If ‘Spoke’ type is selected, the MX will send all site-to-site traffic to its configured VPN hubs.
- VPN subnet translation
- NAT traversal
- Remote VPN participants
- Can choose to advertise remote routes
- Non-Meraki VPN peers
- Site-to-site outbound firewall
- Site-to-site inbound firewall
Alison Wallick, Network Support Engineer