+219

IKEv2 Support in MX appliances

Winston 2 years ago • updated by Ryan White 2 months ago 9

Please enable IKEv2 support for multi site dynamic VPN routing with 3rd party appliances.

+24

When is Meraki going to get this done?


We've had many clients that have to buy an ASA just to support IKEv2 tunnels.

Seems like there is a high number of other people that want it too!


Come on Meraki!

+7

Come on ... Some news?

+6
  • Any updates?
+6

Also continuing to wait for this feature. I requested it about a year and a half ago, and still no movement. We have multiple sites and an Azure presence, and we can only connect one network to Azure because the Meraki doesn't support Dynamic Routing. If this continues much longer, we'll just dump our Cisco gear and go with something else.

+8

I'm disappointed that for such an expensive product (comparatively) it still doesn't offer so basic a feature.

Our account manager previously told me, over a year ago, that its 'coming soon' but here we are...still waiting.

+5

Can't believe this isn't supported yet. Really disappointed that a high end solution (cost) would be so far behind. Come on sort it out and give this the priority it should be.

+7

What is the ETA on this feature?  Ridiculous.

-1

Account manager has said they will implement IKEv2 on the Auto VPN but not on the 3rd party VPN which is quite disappointing

FYI, Google Cloud used to allow specifying multiple local and remote subnets in a single IKEv1 tunnel configuration, which is what Meraki does, and you could bring up the tunnel. However, Google later said multiple subnets in an IKEv1 tunnel was against standards and restricted their API to disallow this. Google says only IKEv2 permits this, but Meraki won't support IKEv2, something that's been around for *years*.


So now, Meraki is basically incompatible with Google Cloud VPN because your choices are:

  1. Specify only a single subnet on the Meraki (remote) site and a single subnet on the Google (local) side when creating a VPN tunnel, and setting IKEv1. You can't create additional identical tunnels with additional subnets, because Google will error that you can't have multiple tunnels with the identical VPN Gateway + Peer IP specified. So, you get to live with only routing a single subnet on each side over your VPN tunnel. WTF.
  2. Get a cheap IPSEC VPN router to hang off the side of your Meraki MX to support IKEv2 and point all of your IPSEC VPN tunnels with 3rd parties to this device, and add static routes to your Meraki MX.

Both of these solutions suck. Meraki, you suck. Can you hear a paying customer?