In this article we will configure an IKEv1 tunnel between an Aviatrix gateway and a Cisco Meraki.
Step 1: Request for a Meraki free trial
- Link: https://documentation.meraki.com/Getting_Started/Meraki_Free_Trials
- Click on “Sales Team” and fill in the information.
- You will get a welcome email with a demo link. The link will be at the top of this email.
- Next you will get a trial link to your Meraki dashboard. If you do not get this email, call 888-490-0918 and they should help expedite it. This link is required in order to access the Meraki dashboard.
Step 2: Create a Meraki device in AWS/Azure using the documents below:
In my case I used Azure, so I had to do an extra step: add an NSG to the subnet where you created the Meraki.
- Create an NSG with an allow-all rule. This is convenient for a trial; for anything beyond a lab, restrict the inbound rules to the traffic the Meraki actually needs.
Steps: Azure Portal --> NSG --> Create --> Inbound security rules --> Any Any
- Attach the NSG to the subnet.
Steps: Azure Portal --> Meraki VNET --> Subnet --> NSG --> Attach the new allow all NSG
- Once done, confirm that the public IP of the newly created Meraki device appears on your Cisco Meraki dashboard.
- Add your Cisco Meraki serial number to the Meraki created in Azure.
Steps: Browse to http://<Azure Meraki public IP>/ and select Configure
Note: You will not be able to HTTPS or SSH into the Meraki created in Azure. All remaining steps are done from the Meraki dashboard.
Step 3: Create the tunnel
- Aviatrix gateway side:
- Meraki side:
- You will see the error below in the gateway logs. The Meraki sits behind Azure NAT ("remote host is behind NAT"), so in IKE phase 1 it presents its private interface address as its identity (IDir) rather than the public IP the gateway is peering with, and charon rejects the identity:
2021-07-23T14:23:21.949743+00:00 ip-10-20-108-254 charon: 22[IKE] <gw-10_20_108_254-20_81_20_76|3> IDir '10.190.0.4' does not match to '22.214.171.124'
2021-07-23T14:23:21.949678+00:00 ip-10-20-108-254 charon: 22[ENC] <gw-10_20_108_254-20_81_20_76|3> parsed ID_PROT response 0 [ ID HASH ]
2021-07-23T14:23:21.946502+00:00 ip-10-20-108-254 charon: 11[ENC] <gw-10_20_108_254-20_81_20_76|3> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
2021-07-23T14:23:21.946432+00:00 ip-10-20-108-254 charon: 11[IKE] <gw-10_20_108_254-20_81_20_76|3> remote host is behind NAT
- Change the remote identifier for the S2C connection so that it matches the identity the Meraki actually sends.
Steps: Controller --> S2C --> Setup --> Connection --> Edit --> Remote identifier --> Use the IP address highlighted (10.190.0.4) in the error message
- Aviatrix side
- Meraki side
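As an added example that is not part of the original article, the following Python script runs the IDir mismatch check over the four charon lines quoted above (copied into the script as sample input) and prints the remote-identifier change described in Step 3. Only the log format comes from the article; the function and class names are my own, and the script treats a mismatch without a NAT notice as something to verify rather than fix.

```python
import re
from dataclasses import dataclass

# Patterns for the two strongSwan (charon) messages quoted in the article:
# the IKEv1 IDir mismatch and the NAT detection notice for the same IKE SA.
IDIR_RE = re.compile(
    r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> IDir '(?P<actual>[^']+)' "
    r"does not match to '(?P<expected>[^']+)'"
)
NAT_RE = re.compile(r"<(?P<conn>[^|>]+)\|(?P<sa>\d+)> remote host is behind NAT")

@dataclass
class IdMismatch:
    connection: str
    ike_sa: int
    expected_id: str   # identity the gateway was configured to expect (peer public IP)
    received_id: str   # identity the peer actually sent as IDir
    peer_behind_nat: bool = False

def analyze_charon_log(lines):
    """Return one IdMismatch per IKE SA whose IDir was rejected."""
    # Two passes: syslog exports like the one in the article are newest-first,
    # so the NAT notice can appear after the mismatch it explains.
    nat_sas, mismatches = set(), {}
    for line in lines:
        if m := NAT_RE.search(line):
            nat_sas.add((m["conn"], int(m["sa"])))
        elif m := IDIR_RE.search(line):
            key = (m["conn"], int(m["sa"]))
            mismatches[key] = IdMismatch(key[0], key[1], m["expected"], m["actual"])
    for key, mm in mismatches.items():
        mm.peer_behind_nat = key in nat_sas
    return sorted(mismatches.values(), key=lambda x: (x.connection, x.ike_sa))

def suggest_fix(mm):
    """Turn a mismatch into the operator action the article describes."""
    if mm.peer_behind_nat:
        return (f"{mm.connection}: peer is behind NAT and identifies as {mm.received_id}; "
                f"set the S2C remote identifier to {mm.received_id} "
                f"(gateway currently expects {mm.expected_id}).")
    return (f"{mm.connection}: peer sent identity {mm.received_id} instead of "
            f"{mm.expected_id} with no NAT detected; verify the peer before changing anything.")

# Sample input: the four charon lines quoted in the article, in their original newest-first order.
SAMPLE_LOG = """\
2021-07-23T14:23:21.949743+00:00 ip-10-20-108-254 charon: 22[IKE] <gw-10_20_108_254-20_81_20_76|3> IDir '10.190.0.4' does not match to '22.214.171.124'
2021-07-23T14:23:21.949678+00:00 ip-10-20-108-254 charon: 22[ENC] <gw-10_20_108_254-20_81_20_76|3> parsed ID_PROT response 0 [ ID HASH ]
2021-07-23T14:23:21.946502+00:00 ip-10-20-108-254 charon: 11[ENC] <gw-10_20_108_254-20_81_20_76|3> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
2021-07-23T14:23:21.946432+00:00 ip-10-20-108-254 charon: 11[IKE] <gw-10_20_108_254-20_81_20_76|3> remote host is behind NAT
""".splitlines()

for _mm in analyze_charon_log(SAMPLE_LOG):
    print(suggest_fix(_mm))
```

Point the script at `journalctl -u strongswan` or the gateway's syslog export instead of `SAMPLE_LOG` to check a live connection.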