Setting up a site-to-site VPN can be daunting, especially when handling multiple branch offices or remote sites. Fortunately, Cisco Meraki simplifies the process with its Auto VPN feature, allowing seamless, secure connections between networks with minimal manual configuration. In this guide, you’ll learn how to implement Auto VPN site-to-site VPN using the Meraki Dashboard GUI — step by step.
What is Meraki Auto VPN?
Meraki Auto VPN automates the creation of site-to-site VPN tunnels between Meraki MX security appliances. Instead of managing complex VPN peers, keys, and policies manually, Meraki takes care of encryption, peering, and routing setup for you. This results in quick deployment, simplified troubleshooting, and scalable connectivity.
Pre-Requisites Before Configuring Auto VPN
- Meraki MX appliances deployed at each site.
- Active Meraki Dashboard licenses for all MX devices.
- Administrator access to the Meraki Dashboard.
- Configured and connected MX devices with internet connectivity.
- Clear IP addressing scheme that avoids subnet conflicts across sites.
Step 1: Log into Your Meraki Dashboard
Head over to dashboard.meraki.com and log in with your administrator credentials. Select the network for the first site where you want to configure Auto VPN.
Step 2: Navigate to Security & SD-WAN > Configure > Site-to-site VPN
Once on your site’s dashboard, find the left sidebar menu and click:
Security & SD-WAN › Configure › Site-to-site VPN
This is the central hub where you can manage your VPN settings.
Step 3: Enable Site-to-Site VPN and Choose the Mode
Under Site-to-site VPN, toggle the switch to Enabled.
You will see two options for VPN mode:
- Hub: Acts as the central VPN concentrator.
- Spoke: Connects to the hub but does not allow VPN connections from other spokes.
Choose the role depending on your network architecture. Common setups include:
- Hub-and-Spoke: One or more hubs with spokes connecting only to hubs.
- Full Mesh: Setting all sites as hubs to create tunnels between every location.
Step 4: Define VPN Subnets to Tunnel
Specify which local subnets should be included in the VPN.
Under the VPN subnets section, you have options:
- Use VPN routes: Automatically route all local subnets.
- Custom: Manually specify which subnets to include.
Make sure the subnets you want to reach across sites are selected, avoiding overlapping ranges.
Step 5: Add Other Sites as Peers (if Needed)
If you run multiple sites in the same dashboard organization, Meraki automatically uses secure keys to link them in the VPN.
For sites outside your organization or custom peers:
- Scroll down to Non-Meraki VPN peers.
- Click Add a peer.
- Input the peer public IP, remote subnets, and shared keys.
This flexibility allows integrating with third-party VPNs or different Meraki organizations.
Step 6: Save Your Settings and Apply
After finalizing your configuration, click Save Changes at the bottom of the page.
Meraki MX devices will begin negotiating secure VPN tunnels automatically. The status can be monitored in the VPN status tab or Monitor > VPN status page.
Step 7: Verify VPN Tunnel Status
To check the tunnel state:
- Go to Security & SD-WAN > Monitor > VPN status.
- Here you’ll see a list of peers and the status of each tunnel (e.g., Up, Down).
Successful VPN connections will show as Up with active traffic passing through.
- Consistent subnets: Avoid overlapping IP ranges across sites.
- Firmware updates: Keep MX devices updated for the latest VPN features and security.
- Use tags and templates: For larger deployments, employing configuration templates makes management easier.
- Monitor regularly: Use the Meraki dashboard insights to keep an eye on VPN health.
Why Choose Meraki Auto VPN?
Meraki Auto VPN stands out for its ease of use, automated key management, and scalability. It removes the headaches of manual tunnel setup and lets you focus on your network’s overall performance and security.
With its intuitive GUI and powerful backend automation, even network admins new to VPNs can set up reliable site-to-site connectivity in moments.
By following this step-by-step guide, you’re well on your way to creating a robust, secure site-to-site network with Cisco Meraki Auto VPN. Say goodbye to complex manual configurations and hello to seamless network integration. Happy networking!
