Contents
Writing this blog on how we can configure OCI site-to-site VPN with Meraki MX100.
In this blog, we have 2 steps. One to configure on the OCI side another to setup on the Meraki side.
1. OCI side configuration:
Pre-Requisite: I already have VCN created with a private subnet and DRG attached to VCN
a. First configure your on-premises device (the customer-premises equipment, or CPE) at your end of the Site-to-Site VPN so traffic can flow between your on-premises network and Virtual Cloud Network (VCN)
The CPE is a virtual representation of your customer-premises equipment, which is the actual router on-premises at your site at your end of the Site-to-Site VPN IPSec connection.
Click on Networking –> Customer Connectivity –> Customer-Premises Equipment
Click on Create CPE
You need a public IP address of CPE to create CPE.
Also, need to select the vendor from the list (Meraki is not in the list so choose other) and click Create CPE.
b. Now Click on networking –> Site-to-site VPN
Click on Create IPSec Connection
Here we need to select CPE we created in the previous step, DRG, and the on-prem CIDR block.
I choose static routing here, You can change it even after tunnel creation if need dynamic.
Oracle asks us to create 2 tunnels for redundancy purposes.
Click on Create IPSec connection and it will take a couple of minutes to provision and we can see it UP.
you can also see 2 Oracle VPN IP addresses, called VPN head ends.
2. Next is set up on the Meraki side.
we have to share these 2 VPN IP addresses and pre-shared keys with the customer to set up on the CPE side.
Here are the settings on the Meraki side.
After this, you will see both tunnels Up IPSec status Up in OCI (something like this)
So the path should be like this from OCI VM to on-prem network.
