Site to Site IPSec VPN Tunnel between Cisco ASA and Meraki MX
Site to Site IPSec VPN Tunnel
Cisco ASA and Cisco Meraki MX
We are going to talk about the IPsec VPN tunnel between Cisco Meraki MX and Cisco ASA Firewall where one site is protected by a Cisco ASA, while another is protected by a Cisco Meraki MX.
We are configuring the tunnel between each site, avoiding overlapping subnets, so that a secure tunnel may be formed with the required security profiles applied.
What is Cisco ASA ?
Cisco ASA is a security device that includes a firewall, antivirus, intrusion prevention, and a virtual private network (VPN). It enables proactive threat protection, preventing assaults from spreading throughout the network.
What is Cisco Meraki MX?
Meraki MX is a series of security appliances from Cisco Meraki that provides advanced threat protection, SD-WAN, and network segmentation for organizations of all sizes. The Meraki MX is designed for cloud-managed networking, meaning that all configurations, updates, and monitoring can be performed through the Meraki cloud management platform, known as the Meraki Dashboard.
What is Site to Site IPsec VPN Tunnel ?
A Site-to-Site IPsec VPN tunnel allows remote networks and devices to communicate securely over an encrypted connection between two networks. In order to provide secure communication over the Internet, IPsec, which stands for Internet Protocol Security, is widely used.
An IPsec VPN is a secure, encrypted tunnel established between two network devices, such as routers, firewalls, or security appliances. Using the tunnel, devices on each network can communicate with each other as if they were on the same local network, providing a secure and encrypted connection between the two networks.
 |
| Fig 1.1- Cisco ASA Site to Site tunnel Setup with Meraki MX |
Cisco-ASA-5505 Site to Site configuration through ASDM
Step 1: Login to the ASDM through your web window. Once opened, check for Wizards and select option "IPsec VPN Wizard". Once selected, Choose Site-to-Site for the IPSec VPN Tunnel type, and click Next
 |
| Fig 1.2- Cisco ASA Site to Site tunnel Setup |
Step 2: Specify the outside IP address of the remote peer which is the IKE gateway. As shown below, you need to configure the IP address of the Peer (which is a Meraki MX) and Pre-shared key which will be same on the other end.
By default the Tunnel Group Name will be your outside IP address. Click Next.
 |
| Fig 1.3- Cisco ASA Site to Site tunnel Setup |
Step 3: Specify the attributes for phase 1 negotiation. These must be the same on both the Meraki MX and Cisco ASA. Click Next. Specify the attributes to use for Phase 2 negotiation. These attributes must match on both the Meraki MX and the Cisco ASA.
We have also selected PFS. PFS stands for Perfect Forwarding Secrecy
 |
| Fig 1.4- Cisco ASA Site to Site tunnel Setup |
Step 4: The network or hosts that should be permitted to have their traffic travel through the VPN tunnel we are going to create should be specified. You must give the Local Networks and Remote Networks for the VPN Tunnel in this stage.
To choose the local network address from the drop-down menu, click the button next to Local Networks as shown above.
Step 5: Choose Local Networks and Remote Networks and click OK. Click Add button and add the Remote Networks. After choosing the Local and Remote Networks click Next
 |
| Fig 1.5- Cisco ASA Site to Site tunnel Setup |
Step 6: This summary shows the properties that the VPN Wizard defined. After double-checking the options, click Finish when you are certain that they are accurate.
Note: Select connection profiles under Site-to-Site VPN's Configuration tab to see the local network and distant network that are secured by the VPN tunnel that we set up.
By default, the wizard sets up the Firewall Access Rules. Additionally, a static route has been set up to connect to the single network behind the Meraki MX.
Cisco Meraki Site to Site tunnel
Step 1: Login to the Cisco Meraki portal and create a new network and select site-to-site VPN as shown below
 |
| Fig 1.6- Meraki MX Site to Site tunnel Setup |
Step 2: Once you selected, select the below as hub location for your deployment
 |
| Fig 1.7- Meraki MX Site to Site tunnel Setup |
Step 3: As you are going to use Meraki MX device to create the tunnel with the Cisco ASA. you need to put the same shared key that you specify when creating your Site-to-Site VPN connection.
Step 4: On the Non-Meraki VPN peers, configure details settings like IKE Version, IPsec Policies, public IP, private subnet behind it and Preshared Secret.
Continue Reading...
++++++++++++++++++++++++++++++++++++++++++++++++++++
IPsec site-to-site VPN tunnel between Cisco ASA & FortiGate Firewall - The Network DNA
IPsec site-to-site VPN tunnel between Palo Alto Firewall & FortiGate Firewall - The Network DNA
Site-to-Site VPN: IPSEC Tunnel Between an ASA and a Cisco IOS Router - The Network DNA
Site-to-Site IPsec VPN Tunnel with two FortiGate Firewalls - The Network DNA
Security: FortiGate to SonicWall VPN Tunnel setup - The Network DNA
++++++++++++++++++++++++++++++++++++++++++++++++++++
