1. User profile
  2. Ryan White

Your comments

IKEv2 Support in MX appliances

Wow, just re-read this. I must have been pretty annoyed at the time to write "you suck" in such a childish way.

Anyway, we did end up going with option #2 by deploying a couple Ubiquiti EdgeRouters at each site and setting up all of our 3rd party VPN peers to connect via those, then static route the Meraki MX's to route packets destined for our VPN-remote networks to those EdgeRouters. It's definitely an annoying solution because it's more devices to worry about on the network, and sometimes the tunnels go down for inexplicable reasons and we have to reboot the EdgeRouters (that's a different issue in the EdgeRouter/VyOS firmware).

Please please pretty please, add IKEv2 support to the Meraki MX line so we can move the tunnels to GCP back to the Meraki firewalls and eliminate the extra complexity on our network of having separate VPN tunnel devices

5 years ago
IKEv2 Support in MX appliances

FYI, Google Cloud used to allow specifying multiple local and remote subnets in a single IKEv1 tunnel configuration, which is what Meraki does, and you could bring up the tunnel. However, Google later said multiple subnets in an IKEv1 tunnel was against standards and restricted their API to disallow this. Google says only IKEv2 permits this, but Meraki won't support IKEv2, something that's been around for *years*.


So now, Meraki is basically incompatible with Google Cloud VPN because your choices are:

  1. Specify only a single subnet on the Meraki (remote) site and a single subnet on the Google (local) side when creating a VPN tunnel, and setting IKEv1. You can't create additional identical tunnels with additional subnets, because Google will error that you can't have multiple tunnels with the identical VPN Gateway + Peer IP specified. So, you get to live with only routing a single subnet on each side over your VPN tunnel. WTF.
  2. Get a cheap IPSEC VPN router to hang off the side of your Meraki MX to support IKEv2 and point all of your IPSEC VPN tunnels with 3rd parties to this device, and add static routes to your Meraki MX.

Both of these solutions suck. Meraki, you suck. Can you hear a paying customer?

6 years ago


Customer support service by UserEcho