OCI - Configure site-to-site VPN with Meraki MX100

This post shows how to configure an OCI site-to-site VPN with a Meraki MX100.



There are 2 steps in this blog: one to configure the OCI side and another to set up the Meraki side.

1. OCI side configuration:

Prerequisite: I already have a VCN created with a private subnet and a DRG attached to the VCN.

a. First, configure your on-premises device (the customer-premises equipment, or CPE) at your end of the Site-to-Site VPN so traffic can flow between your on-premises network and your virtual cloud network (VCN).

The CPE object in OCI is a virtual representation of your customer-premises equipment, which is the actual on-premises router at your end of the Site-to-Site VPN IPSec connection.

Click on Networking --> Customer connectivity --> Customer-premises equipment


Click on Create CPE.

You need the public IP address of the CPE device to create the CPE.

You also need to select the vendor from the list (Meraki is not in the list, so choose Other), then click Create CPE.


b. Now click on Networking --> Site-to-site VPN


Click on Create IPSec connection.

Here we need to select the CPE we created in the previous step, the DRG, and the on-prem CIDR block.


I choose static routing here. You can change it even after tunnel creation if you need dynamic routing.

Oracle asks us to create 2 tunnels for redundancy.

Click on Create IPSec connection. It will take a couple of minutes to provision, and then we can see it is UP.


You can also see 2 Oracle VPN IP addresses, called VPN head ends.

2. Next is the setup on the Meraki side.

We have to share these 2 VPN IP addresses and the pre-shared keys with the customer to set up the CPE side.

Here are the settings on the Meraki side.






After this, you will see both tunnels with IPSec status Up in OCI,

something like this:

So the path from the OCI VM to the on-prem network should look like this:
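
A post-change check for the setup above, as an added example that is not part of the original post. It takes tunnel data shaped like `oci network ip-sec-tunnel list` output (the field names and all sample values are constructed assumptions) plus the peer IPs entered on the Meraki side (`meraki_peers` is a hypothetical parameter), and reports down tunnels, missing redundancy, peer mismatches and an on-prem CIDR that overlaps the VCN.

```python
import ipaddress
import json

# Constructed sample, shaped like `oci network ip-sec-tunnel list` output.
# Field names are an assumption; adjust them to what your CLI version prints.
SAMPLE = json.loads("""
{"data": [
  {"display-name": "tunnel-1", "vpn-ip": "192.0.2.10", "status": "UP"},
  {"display-name": "tunnel-2", "vpn-ip": "192.0.2.20", "status": "DOWN"}
]}
""")["data"]


def check_vpn(tunnels, vcn_cidr, onprem_cidrs, meraki_peers):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    vcn = ipaddress.ip_network(vcn_cidr)

    # The on-prem CIDR given to the IPSec connection must not overlap the VCN.
    for cidr in onprem_cidrs:
        if ipaddress.ip_network(cidr).overlaps(vcn):
            findings.append(f"on-prem CIDR {cidr} overlaps VCN {vcn_cidr}")

    # Redundancy needs two tunnels on two different Oracle head ends.
    head_ends = {t["vpn-ip"] for t in tunnels}
    if len(head_ends) < 2:
        findings.append("fewer than 2 distinct VPN head ends")

    for t in tunnels:
        if t["status"] != "UP":
            findings.append(f"{t['display-name']} ({t['vpn-ip']}) is {t['status']}")
        if t["vpn-ip"] not in meraki_peers:
            findings.append(f"head end {t['vpn-ip']} has no peer on the Meraki side")

    # A peer on the Meraki side that is not an Oracle head end is a typo or stale.
    for peer in sorted(set(meraki_peers) - head_ends):
        findings.append(f"Meraki peer {peer} is not an Oracle head end")
    return findings


if __name__ == "__main__":
    for line in check_vpn(SAMPLE, "10.0.0.0/16", ["192.168.10.0/24"], ["192.0.2.10"]):
        print(line)
```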



