Cisco Meraki Router

To configure the tunnel in the Cisco Meraki Management Portal:

  1. Log in to the Cisco Meraki Management Portal with the Administrator account.

  2. Go to Security Appliance > Configure > Site-to-site VPN.

  3. Make sure that the local LAN you want to connect from the Harmony SASE network is participating in the VPN.

  4. Scroll down to the Non-Meraki VPN peers section.

  5. Click Add a peer:

    Field                  Enter
    Name                   Name for the remote device or VPN.
    IKE Version            IKEv1
    Public IP              Public IP address of the Harmony SASE gateway.
    Remote ID              Public IP address of the Harmony SASE gateway.
    Private subnets        Harmony SASE network subnets. Default is 10.255.0.0/16.
    Preshared secret key   Secret key specified in the Harmony SASE Administrator Portal.
    IPsec Policy to use    Custom

    Phase 1
    Encryption             AES-256
    Authentication         SHA1
    Diffie-Hellman group   5
    Lifetime (seconds)     28800

    Phase 2
    Encryption             AES-256
    Authentication         SHA1
    Diffie-Hellman group   5
    Lifetime (seconds)     3600

  6. Click Update.

  7. Edit the router rules to allow the traffic through the Harmony SASE tunnel. These rules apply to inbound and/or outbound VPN traffic from all MX appliances in the organization that participate in site-to-site VPN.

    To create a rule, go to Security Appliance > Configure > Site-to-site VPN and, in the Site-to-site firewall section, select Add a rule.

    For reference, see the Layer 3 firewall rules.
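
A mismatch in any value from step 5 stops the tunnel from negotiating, so it helps to check an exported peer definition against the table. The following is an added example, not part of the original procedure or of any vendor tooling. The key names and value spellings (`ikeCipherAlgo`, `group5`, and so on) are assumed to follow the Meraki Dashboard API third-party VPN peer object, and the sample peer is constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values from the table in step 5. Key names and value spellings are assumed
# to follow the Meraki Dashboard API third-party VPN peer object.
EXPECTED_POLICY = {
    "ikeCipherAlgo": ["aes256"], "ikeAuthAlgo": ["sha1"],
    "ikeDiffieHellmanGroup": ["group5"], "ikeLifetime": 28800,
    "childCipherAlgo": ["aes256"], "childAuthAlgo": ["sha1"],
    "childPfsGroup": ["group5"], "childLifetime": 3600,
}

# Constructed sample peer (documentation address, placeholder secret).
SAMPLE_PEER = {
    "name": "harmony-sase", "ikeVersion": "1",
    "publicIp": "203.0.113.10", "remoteId": "203.0.113.10",
    "privateSubnets": ["10.255.0.0/16"], "secret": "PLACEHOLDER-PSK",
    "ipsecPolicies": dict(EXPECTED_POLICY),
}

def check_peer(peer):
    """Return a list of deviations from the tunnel settings documented above."""
    findings = []
    if str(peer.get("ikeVersion")) != "1":
        findings.append("ikeVersion: expected 1 (IKEv1)")
    try:
        ip = ipaddress.ip_address(peer.get("publicIp", ""))
        if any(ip in net for net in RFC1918):
            findings.append("publicIp: RFC 1918 address, not a public IP")
    except ValueError:
        findings.append("publicIp: not a valid IP address")
    if peer.get("remoteId") != peer.get("publicIp"):
        findings.append("remoteId: must match the gateway public IP")
    subnets = peer.get("privateSubnets") or []
    if not subnets:
        findings.append("privateSubnets: empty")
    for cidr in subnets:
        try:
            ipaddress.ip_network(cidr)  # strict by default: rejects host bits set
        except ValueError:
            findings.append(f"privateSubnets: invalid CIDR {cidr!r}")
    if not peer.get("secret"):
        findings.append("secret: preshared key missing")
    policy = peer.get("ipsecPolicies") or {}
    for key, want in EXPECTED_POLICY.items():
        if policy.get(key) != want:
            findings.append(f"ipsecPolicies.{key}: expected {want!r}, got {policy.get(key)!r}")
    return findings
```

`check_peer(SAMPLE_PEER)` returns an empty list; each string in a non-empty result names the field that differs from the table.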