
Oracle OCI Site-to-Site VPN to Meraki Switch – Part 2

Anas Darkal Sep 22, 2023 12:30:00 PM
Oracle OCI Site-to-Site VPN to Meraki Switch – Part 2 – Eclipsys

We started the workshop in the previous blog, “Oracle OCI Site-to-Site VPN to Meraki Switch – Part 2”, where we covered the steps to create a DRG, a private subnet, and a security list.

In this blog, we will complete the workshop by creating a Site-to-Site VPN configuration and then configuring the Meraki Cisco switch.

 

Step #6: Create Site-to-Site VPN

We will use the wizard to set up a Site-to-Site VPN. The wizard sets up a Site-to-Site VPN between your on-premises network and your Oracle VCN. That includes the IPSec encrypted tunnels and customer-premises equipment (CPE).

 

1. Open the navigation menu, click “Networking”, and then click “Site-to-Site VPN”.


 

2. Click “Start VPN wizard”.


 

3. In the “Create Site-to-Site VPN” dialog, in the “Basic information” window, select the VCN’s compartment and the VCN name, then click “Next”. The DRG and IGW will be populated automatically.


 

In the “Subnets and security” window, select the “Select existing security list” option, and click “Choose subnets” to select a private subnet.


In the “Choose subnets” dialog window, select the private subnet, and click “Choose subnets”.


Make sure to select the correct Security list created in step #4 from the previous blog.


In the “Site-to-Site VPN” window, enter or select the options below, then click “Next”:

  • VPN Name
  • Routing Type: Policy-based routing
  • Routes to your on-premises network: In our example, 10.8.8.0/24


In the “Tunnel 1 & 2 information” section, select the options below:

  • IKE Version: IKEv1
  • On-premises network CIDR blocks: In our example, 10.8.8.0/24
  • On-premises cloud CIDR blocks (this is on OCI): In our example, 172.40.40.0/24


In the “CPE” window, enter or select the information below, then click “Next”:

  • CPE Name
  • IP Address: The public IP address of your CPE device. In this example, 142.35.140.32
  • Vendor: Other


In the “Review and Create” window, click “Create VPN solution” at the bottom. Once provisioning completes, the VPN state will be available.


4. Click the VPN name to collect tunnel information. The below information is required to configure the on-premises Meraki switch.

Note: You will notice that there are two IPSec Tunnels from Oracle’s side. Meraki only supports connecting to one at a time.

– Tunnel 1 public IP address – Oracle VPN IP address


 

– Tunnel 1 shared secret


 

– Phase details: click the Tunnel 1 name, then navigate to the “Phase details” tab. Required information:

  • Lifetime in seconds
  • Diffie-Hellman group


Step #7: Configure Cisco Meraki Switch

Note: You will notice that there are two IPSec Tunnels from Oracle’s side. Meraki only supports connecting to one at a time.

  1. Open the Meraki Dashboard
  2. Navigate to the Site-to-Site VPN settings page (Security & SD-WAN, Site-to-site VPN)
  3. Select Hub (Mesh) as the type
  4. Enable the VPN “only for subnets listed in your IPSec connection” — having one too few or one too many will cause the entire connection to fail
  5. Add a Non-Meraki VPN Peer
  • Give it a name
  • Set the Public IP to the Public IP of Oracle VPN tunnel 1
  • Leave Remote ID blank
  • Set Private subnets to the Oracle VCN’s private subnet CIDR Block. In our example, 172.40.40.0/24
  • Set IPSec policies to custom and configure them with the OCI tunnel’s phase information collected in step #6
  • Fill in your OCI Tunnel “shared secret” collected in step #6
  • Set Availability to all networks

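A pre-flight comparison of the two ends before testing, as an added example (not part of the original post, and not Oracle or Meraki code): it checks that the subnet lists mirror each other exactly, that the peer targets Tunnel 1, and that the IKE version and phase values agree, and it lists CIDRs outside RFC 1918. The dictionary keys, the 203.0.113.10 tunnel address and the phase values are assumptions made for the example; the CIDRs are the article's.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def nets(cidrs):
    return {ipaddress.ip_network(c) for c in cidrs}

def preflight(oci, meraki):
    """Compare both ends of the tunnel; an empty list means they agree."""
    findings = []
    # Policy-based routing: the subnet lists on each side must mirror each
    # other exactly, so report every CIDR that is extra or missing.
    for label, o_key, m_key in (
        ("on-premises", "onprem_cidrs", "vpn_enabled_subnets"),
        ("Oracle VCN", "oracle_cidrs", "peer_private_subnets"),
    ):
        o, m = nets(oci[o_key]), nets(meraki[m_key])
        findings += [f"{label}: {n} set on OCI, missing on Meraki" for n in sorted(o - m)]
        findings += [f"{label}: {n} set on Meraki, missing on OCI" for n in sorted(m - o)]
    # The peer must point at Tunnel 1's public IP (Meraki uses one tunnel).
    if ipaddress.ip_address(meraki["peer_public_ip"]) != ipaddress.ip_address(oci["tunnel1_public_ip"]):
        findings.append("peer public IP is not the OCI Tunnel 1 address")
    # IKE version and the phase details collected in step #6 must be identical.
    for key in ("ike_version", "lifetime_seconds", "dh_group"):
        if oci[key] != meraki[key]:
            findings.append(f"{key}: OCI={oci[key]} Meraki={meraki[key]}")
    return findings

def outside_rfc1918(cidrs):
    """CIDRs that are not inside private (RFC 1918) address space."""
    return [str(n) for n in sorted(nets(cidrs)) if not any(n.subnet_of(r) for r in RFC1918)]

# Constructed sample input: the CIDRs are the article's examples; the tunnel IP
# (documentation range) and the phase values are placeholders, not OCI's values.
OCI = {"onprem_cidrs": ["10.8.8.0/24"], "oracle_cidrs": ["172.40.40.0/24"],
       "tunnel1_public_ip": "203.0.113.10",
       "ike_version": 1, "lifetime_seconds": 28800, "dh_group": 5}
MERAKI_OK = {"vpn_enabled_subnets": ["10.8.8.0/24"], "peer_private_subnets": ["172.40.40.0/24"],
             "peer_public_ip": "203.0.113.10",
             "ike_version": 1, "lifetime_seconds": 28800, "dh_group": 5}
# One subnet too many on the Meraki side plus a Diffie-Hellman group mismatch.
MERAKI_BAD = dict(MERAKI_OK, vpn_enabled_subnets=["10.8.8.0/24", "10.8.9.0/24"], dh_group=14)

if __name__ == "__main__":
    for name, cfg in (("ok", MERAKI_OK), ("bad", MERAKI_BAD)):
        print(name, preflight(OCI, cfg))
    print("outside RFC 1918:", outside_rfc1918(OCI["onprem_cidrs"] + OCI["oracle_cidrs"]))
```

With the article's example CIDRs, `outside_rfc1918` returns 172.40.40.0/24, because the RFC 1918 block 172.16.0.0/12 ends at 172.31.255.255.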

 

Step #8: Test connection

Once the Meraki switch configuration is completed, the Oracle tunnel status will be up.


 

We’re all done provisioning, and you should now be able to ping and SSH from on-premises to the Oracle compute instance located in the private subnet.

You can access VPN logs as shown below.


 

The workshop is complete. The IPSec VPN connection between your on-premises network and the Oracle VCN private subnet is now ready!
