VPN Configuration Guide: Cisco Meraki
Under copyright law, this manual may not be copied, in whole or in part,
without the written consent of equinux AG or equinux USA, Inc. Your rights
to the software are governed by the accompanying software license
agreement.
The equinux logo is a trademark of equinux AG and equinux USA, Inc., registered
in the U.S. and other countries. Other product and company names
mentioned herein may be trademarks and/or registered trademarks of their
respective companies.
equinux shall have absolutely no liability for any direct or indirect, special or
other consequential damages in connection with the use of this document
or any change to the router in general, including without limitation, any lost
profits, business, or data, even if equinux has been advised of the possibility
of such damages.
Every effort has been made to ensure that the information in this manual is
accurate. equinux is not responsible for printing or clerical errors.
www.equinux.com
Contents
Introduction
My VPN Gateway Configuration
Task 1 – Cisco Configuration
Task 2 – VPN Tracker Configuration
Task 3 – Test the VPN Connection
Appendix
Remote DNS Setup
Host to Everywhere
Introduction
This configuration guide will help you connect VPN Tracker to your Cisco Meraki VPN Gateway.
Prerequisites
If you are setting up VPN on your Cisco for the first time, we strongly recommend you keep to the setup proposed in this guide, and make modifications only after you have tested the basic setup.
VPN Tracker Configuration
In the second part of this guide, we’ll show you how to configure VPN Tracker to easily connect to your newly created VPN.
Appendix
The remainder of the guide covers advanced setups, such as Remote DNS.
My VPN Gateway Configuration
Throughout this guide, there are certain pieces of information that are needed later on for configuring VPN Tracker. This information is marked with red numbers to make it easier to reference. You can print out this checklist to help keep track of the various settings of your Cisco VPN gateway. Not all settings are required for all setups, so don’t worry if some stay empty.
IP Addresses
or host name
➋ LAN Network: . . . / . . .
Authentication
➌ Pre-Shared Key:
➍ XAUTH Username:
➎ XAUTH Password:
Task 1 – Cisco Configuration
If you’re familiar with Ciscos and already have a working VPN setup on your Cisco, you can skip the Cisco setup and use Option A. If your Cisco is not yet set up, use Option B. Regardless of which option you choose, this guide assumes that your Cisco has Internet access and that a LAN network is configured.
Step 2 – Enable VPN on your Cisco
‣ Go to Security appliance > Client VPN.
‣ Set “Client VPN Server” to “Enabled”.
‣ Enter a “Client VPN subnet” and make a note of it as ➋
‣ Enter a “Secret” and make a note of it as ➌
‣ Click “Save”
Step 3 – Add a VPN User
‣ Go to Security appliance > Client VPN
‣ Click “Add new user”
‣ Enter an Email address (username) ➍ and password ➎ for your user
‣ Select “Authorized > Yes”
Task 2 – VPN Tracker Configuration
From Task 1, your → Configuration Checklist will have all your
Cisco settings. We will now create a matching configuration
in VPN Tracker.
Step 2 – Configure the VPN Connection
Task 3 – Test the VPN Connection
It’s time to go out!
You will not be able to test and use your VPN connection from within the Cisco’s network. In order to test your connection, you will need to connect from a different location.
For example, if you are setting up a VPN connection to your office, try it out at home. If you are setting up a VPN connection to your home network, try it from an Internet cafe, or go visit a friend.
Connect to your VPN
‣ Make sure that your Internet connection is working – open your Internet browser and check that you can open http://www.equinux.com
‣ Open VPN Tracker.
‣ Click the On/Off slider for your connection.
‣ If you are using VPN Tracker for the first time with your current Internet connection, it will test your connection. Wait for the test to complete.
Connected!
Connecting may take a couple of seconds. If the On/Off button turns blue that’s great – you’re connected!
Now is a great time to take a look at the VPN Tracker Manual. It shows you how to use your newly established VPN and how to get the most out of it.
VPN on – Internet off?
If your Internet connection seems to be offline whenever you connect the VPN, your Cisco might be configured to send all your Internet traffic through the VPN, but you’re probably missing the right remote DNS setup to make it work. Please refer to the chapters about “Remote DNS” and “Host to Everywhere” connections for information on how to configure remote DNS.
Troubleshooting
In case there’s a problem connecting, a yellow warning triangle will show up:
In most cases, the advice in the log should be sufficient to resolve the issue. However, VPNs are a complex topic and there might be trickier issues with which you need additional help.
http://www.vpntracker.com/support
Please include the following information with any request for support:
‣ A description of the problem and any troubleshooting steps that you have already taken.
‣ A VPN Tracker Technical Support Report (Log > Technical Support Report).
‣ Cisco Meraki model and the firmware version running on it.
‣ Screenshots of the Client VPN settings on your Cisco.
Appendix
Remote DNS Setup
VPN Tracker can use DNS servers on the remote network of the VPN to look up host names of resources on the remote network of the VPN.
Prerequisites
If you or your organization operate a DNS server on your Cisco’s network, VPN Tracker can use it to look up the host names of internal resources (e.g. for turning intranet.ny.example.com into the IP address 192.168.13.94).
Remote DNS is entirely optional for Host to Network connections. You can always use IP addresses instead of host names, that’s just less convenient.
DNS Server
To set up remote DNS, you need to know the IP address(es) of the DNS server(s) that you want to use.
My DNS Server: . . .
Domain
VPN Tracker can use the remote DNS server for all DNS lookups (All Domains) or just for some domains (Search Domains). If you want VPN Tracker to use the remote DNS servers only for some domains (e.g. everything ending in “ny.example.com”), write down these domains here:
Option A – Setup in VPN Tracker
Remote DNS can be set up in VPN Tracker without making any changes to your Cisco.
‣ Click “Configure” and go to the “Basic” tab in VPN Tracker.
‣ Check the box “Use Remote DNS Server”.
‣ Uncheck the box “Receive DNS Settings from VPN Gateway”.
‣ DNS Servers: Enter your DNS server. To enter additional DNS servers, press the green plus button.
‣ Search Domains: Enter the domains that you want this DNS server to be used for. Can be left empty to use the remote DNS server for all DNS lookups.
‣ Use DNS Server for: Choose “Search Domains” to only use the DNS server for the domains listed above. Choose “All Domains” to always use this DNS server when the VPN is connected.
‣ Use for reverse lookup of IP addresses in remote networks: Should be checked unless your DNS server is incapable of reverse lookups.
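The “Search Domains” versus “All Domains” choice for remote DNS, modelled as an added example (not VPN Tracker's own code): it shows which lookups go to the remote DNS server and which stay with the local resolver, matching domains on whole labels only. The server addresses, the 192.168.13.0/24 remote network and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not from a real deployment).
REMOTE_DNS = "192.168.13.1"        # stands in for "My DNS Server"
LOCAL_DNS = "203.0.113.53"         # resolver of the network you connect from
SEARCH_DOMAINS = ["ny.example.com"]
REMOTE_NETWORKS = [ipaddress.ip_network("192.168.13.0/24")]


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (whole labels only)."""
    name = name.rstrip(".").lower()
    domain = domain.strip(".").lower()
    return name == domain or name.endswith("." + domain)


def ptr_target(name):
    """Return the IPv4 address behind a PTR name such as
    94.13.168.192.in-addr.arpa, or None if the name is not a full IPv4 PTR name."""
    name = name.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(labels)))
    except ValueError:
        return None


def pick_resolver(name, use_for="search", reverse_remote=True):
    """Choose the resolver for one lookup while the VPN is connected."""
    if use_for == "all":                      # "All Domains"
        return REMOTE_DNS
    if any(in_domain(name, d) for d in SEARCH_DOMAINS):
        return REMOTE_DNS                     # "Search Domains" match
    addr = ptr_target(name)
    if reverse_remote and addr is not None and any(addr in n for n in REMOTE_NETWORKS):
        return REMOTE_DNS                     # reverse lookup in a remote network
    return LOCAL_DNS                          # everything else stays local
```

With “Search Domains”, names outside the listed domains are still resolved by whatever resolver the local network provides, so internal host names are only sent to the remote server if their domain is listed.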
Option B – Setup on the Cisco
You can have the Cisco distribute your DNS settings when using DHCP over
VPN.
Use these settings in VPN Tracker to receive your DNS settings from the Cisco:
Host to Everywhere
To send all Internet traffic through the VPN, you’ll need a
connection that uses a “Host to Everywhere” topology.
If you check the Status tab in VPN Tracker, it should now display “Internet” to
the right of your VPN gateway, instead of the remote network.