Configuring Perimeter 81 Site-To-Site with Cisco Meraki


The following procedure demonstrates how to configure the Site-To-Site VPN tunnel to Perimeter 81 from a Cisco Meraki device using the management interface. You must replace the example values in the procedure with the values provided in the configuration file.

 

Add new VPN site

In the Non-Meraki VPN peers section of the Security Appliance > Configure > Site-to-site VPN page, click "Add a peer" and enter the following information:

  • A name for the remote device or VPN tunnel: Perimeter 81
  • The public IP address of the remote device: Public IP Address of the Perimeter 81 Gateway
  • The subnets behind the third-party device that you wish to connect to over the VPN: 10.255.0.0/16
  • The IPsec policy to use: Choose Custom and enter the following information:

Phase 1:
Encryption: Select AES-256 encryption
Authentication: Select SHA1 authentication
Diffie-Hellman group: Select Diffie-Hellman (DH) group 5
Lifetime (seconds): 28800

Phase 2:
Encryption: Select AES-256 encryption
Authentication: Select SHA1 authentication
PFS group: Select group 5 to enable PFS using that Diffie-Hellman group.
Lifetime (seconds): 3600

  • The preshared secret key (PSK): Enter the PSK provided within the configuration file.
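Added example (not part of the Perimeter 81 or Meraki documentation): a Python check that compares a peer definition against the Phase 1 and Phase 2 values listed above, since a mismatch in any of them keeps the tunnel from establishing. The JSON field names are an assumption based on the Meraki Dashboard API third-party VPN peer schema; the sample peer and its IP address are constructed.

```python
# Expected values are the ones listed on this page. Field names are an
# assumption (Meraki Dashboard API third-party VPN peer schema); verify them
# against the API version you use before relying on this check.
EXPECTED_POLICY = {
    "ikeCipherAlgo": ["aes256"],          # Phase 1 encryption
    "ikeAuthAlgo": ["sha1"],              # Phase 1 authentication
    "ikeDiffieHellmanGroup": ["group5"],  # Phase 1 DH group
    "ikeLifetime": 28800,                 # Phase 1 lifetime (seconds)
    "childCipherAlgo": ["aes256"],        # Phase 2 encryption
    "childAuthAlgo": ["sha1"],            # Phase 2 authentication
    "childPfsGroup": ["group5"],          # Phase 2 PFS group
    "childLifetime": 3600,                # Phase 2 lifetime (seconds)
}
EXPECTED_SUBNETS = {"10.255.0.0/16"}


def audit_peer(peer):
    """Return a list of mismatches between one peer and the expected values.

    The preshared key is never read or echoed, so findings are safe to log.
    """
    findings = []
    policy = peer.get("ipsecPolicies") or {}
    for field, want in EXPECTED_POLICY.items():
        got = policy.get(field)
        if isinstance(want, list):
            # Algorithm fields are lists: compare case-insensitively, any order.
            same = sorted(str(v).lower() for v in (got or [])) == sorted(want)
        else:
            same = got == want
        if not same:
            findings.append(f"{field}: expected {want}, found {got}")
    subnets = set(peer.get("privateSubnets") or [])
    if subnets != EXPECTED_SUBNETS:
        findings.append(f"privateSubnets: expected {sorted(EXPECTED_SUBNETS)}, "
                        f"found {sorted(subnets)}")
    if not peer.get("publicIp"):
        findings.append("publicIp: missing")
    return findings


# Constructed sample peers; 203.0.113.10 is a documentation-range placeholder.
GOOD_PEER = {"name": "Perimeter 81", "publicIp": "203.0.113.10",
             "privateSubnets": ["10.255.0.0/16"],
             "ipsecPolicies": dict(EXPECTED_POLICY)}
DRIFTED_PEER = dict(GOOD_PEER, ipsecPolicies=dict(
    EXPECTED_POLICY, ikeDiffieHellmanGroup=["group2"], childLifetime=28800))

if __name__ == "__main__":
    for peer in (GOOD_PEER, DRIFTED_PEER):
        print(peer["name"], audit_peer(peer) or "matches expected policy")
```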
 

Edit firewall rules

You can add firewall rules to control what traffic is allowed to pass through the Perimeter 81 tunnel.

These rules will apply to inbound and/or outbound VPN traffic from all MX appliances in the Organization that participate in site-to-site VPN. To create a firewall rule, click Add a rule in the Site-to-site firewall section on the Security Appliance > Configure > Site-to-site VPN page. These rules are configured in the same manner as the Layer 3 firewall rules described on the Firewall Settings page of this documentation.
