Cisco Meraki Router
To configure the tunnel in the Cisco Meraki Management Portal:
- Log in to the Cisco Meraki Management Portal with the Administrator account.
- Go to Security Appliance > Configure > Site-to-site VPN.
- Make sure that the local LAN you want to connect from the Harmony SASE network is participating in the VPN.
- Scroll down to the Non-Meraki VPN peers section.
- Click Add a peer:
| Field | Enter |
| --- | --- |
| Name | Name for the remote device or VPN. |
| IKE Version | IKEv1 |
| Public IP | Public IP address of the Harmony SASE gateway. |
| Remote ID | Public IP address of the Harmony SASE gateway. |
| Private subnets | Harmony SASE network subnets. Default is 10.255.0.0/16. |
| Preshared secret key | Secret key specified in the Harmony SASE Administrator Portal. |
| IPsec Policy to use | Custom |
| Phase 1: Encryption | AES-256 |
| Phase 1: Authentication | SHA1 |
| Phase 1: Diffie-Hellman group | 5 |
| Phase 1: Lifetime (seconds) | 28800 |
| Phase 2: Encryption | AES-256 |
| Phase 2: Authentication | SHA1 |
| Phase 2: Diffie-Hellman group | 5 |
| Phase 2: Lifetime (seconds) | 3600 |
- Click Update.
- Edit the router rules to allow the traffic through the Harmony SASE tunnel. These rules apply to inbound and/or outbound VPN traffic from all MX appliances in the organization that participate in site-to-site VPN.
  To create a rule, go to Security Appliance > Configure > Site-to-site VPN and, in the Site-to-site firewall section, select Add a rule.
For reference, see the Layer 3 firewall rules.