Site-to-Site VPN Configuration
Dashboard Location: Security and SD-WAN > Configure > Site-to-site VPN
VPN Connectivity Management
Site-to-site VPN configuration in Meraki appliances enables secure connectivity between multiple network locations through encrypted tunnels over the internet. This functionality supports hub-and-spoke, mesh, and custom VPN topologies for connecting branch offices, data centers, and remote sites with centralized management and automatic failover capabilities. Site-to-site VPN is essential for organizations requiring secure inter-site connectivity, centralized resource access, and scalable network expansion while maintaining security and performance across distributed locations.
Classes
Section titled “Classes”appliance (meraki.domains.organizations.networks)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
vpn_site_to_site_vpn | Class | [vpn_site_to_site_vpn] | No | |
vpn_site_to_site_vpn (meraki.domains.organizations.networks.appliance)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
mode | Choice | hub, none, spoke | Yes | |
hubs | List | [hubs] | No | |
subnets | List | [subnets] | No | |
subnet_nat | Boolean | true, false | No | |
hubs (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
use_default_route | Boolean | true, false | No | |
hub_network_name | String | min: 1, max: 127 | Yes | |
subnets (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
local_subnet | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | Yes | |
use_vpn | Boolean | true, false | No | |
nat | Class | [nat] | No | |
nat (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn.subnets)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
enabled | Boolean | true, false | No | |
remote_subnet | String | | No | |
Examples
Example-1: The example below demonstrates site-to-site VPN configuration using tested YAML configuration from pipeline fixtures.
```yaml
meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          networks:
            - name: "!env network_name"
              product_types:
                - appliance
                - switch
                - wireless
                - camera
                - sensor
                - cellularGateway
              appliance:
                vpn_site_to_site_vpn:
                  mode: hub
                  # Site-to-Site VPN Translation has to be enabled by Meraki Support
                  # for this setting to work.
                  # Otherwise, "VPN subnet translation is not supported for this network" is returned.
                  # subnet_nat: True
                  subnets:
                    - local_subnet: "192.168.20.0/24"
                      use_vpn: true
                    - local_subnet: "!env hub_server_subnet"
                      use_vpn: true
```
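The `local_subnet` regex in the subnets table checks only the shape of the value, so a string such as `10.999.0.0/40` passes it. The pre-merge check below is an added example, not part of the project's own tooling: it applies the table constraints to a `vpn_site_to_site_vpn` mapping and then validates each subnet with Python's `ipaddress` module. `lint_vpn`, `check_local_subnet` and `SAMPLE` are hypothetical names, and skipping `!env` values assumes they are resolved before schema validation.

```python
import ipaddress
import re

# Constraint regex copied from the local_subnet row of the subnets table.
LOCAL_SUBNET_RE = re.compile(
    r"^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)"
    r"(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$"
)
MODES = {"hub", "none", "spoke"}  # Choice values of vpn_site_to_site_vpn.mode

# Constructed sample: first two subnets come from Example-1, the third is made up.
SAMPLE = {
    "mode": "hub",
    "subnets": [
        {"local_subnet": "192.168.20.0/24", "use_vpn": True},
        {"local_subnet": "!env hub_server_subnet", "use_vpn": True},
        {"local_subnet": "10.999.0.0/40", "use_vpn": True},
    ],
}


def check_local_subnet(value):
    """Return findings for one local_subnet string."""
    if value.startswith("!env "):
        return []  # assumption: placeholder resolved before schema validation
    if not LOCAL_SUBNET_RE.match(value):
        return [f"local_subnet {value!r}: does not match the schema regex"]
    findings = []
    for part in value.split(","):
        if part.lower() == "any":
            continue
        try:
            ipaddress.IPv4Network(part, strict=True)  # rejects bad octets, prefixes, host bits
        except ValueError as exc:
            findings.append(f"local_subnet {part!r}: passes the regex but {exc}")
    return findings


def lint_vpn(vpn):
    """Check a vpn_site_to_site_vpn mapping against the constraint tables."""
    findings = []
    if vpn.get("mode") not in MODES:
        findings.append(f"mode {vpn.get('mode')!r}: must be one of {sorted(MODES)}")
    for hub in vpn.get("hubs", []):
        if not 1 <= len(hub.get("hub_network_name", "")) <= 127:
            findings.append("hub_network_name: mandatory, length 1 to 127")
    for subnet in vpn.get("subnets", []):
        findings.extend(check_local_subnet(subnet.get("local_subnet", "")))
    return findings
```

Calling `lint_vpn(SAMPLE)` returns a single finding for the constructed `10.999.0.0/40` entry; the two Example-1 subnets pass.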