Site-to-Site VPN Configuration
Dashboard Location: Security and SD-WAN > Configure > Site-to-site VPN
VPN Connectivity Management
Section titled “VPN Connectivity Management”Site-to-site VPN configuration in Meraki appliances enables secure connectivity between multiple network locations through encrypted tunnels over the internet. This functionality supports hub-and-spoke, mesh, and custom VPN topologies for connecting branch offices, data centers, and remote sites with centralized management and automatic failover capabilities. Site-to-site VPN is essential for organizations requiring secure inter-site connectivity, centralized resource access, and scalable network expansion while maintaining security and performance across distributed locations.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”appliance (meraki.domains.organizations.networks)
Section titled “appliance (meraki.domains.organizations.networks)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vpn_site_to_site_vpn | Class | [vpn_site_to_site_vpn] | No |
vpn_site_to_site_vpn (meraki.domains.organizations.networks.appliance)
Section titled “vpn_site_to_site_vpn (meraki.domains.organizations.networks.appliance)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| mode | Choice | hub, none, spoke | Yes | |
| hubs | List | [hubs] | No | |
| subnets | List | [subnets] | No | |
| subnet_nat | Boolean | true, false | No |
hubs (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn)
Section titled “hubs (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| use_default_route | Boolean | true, false | No | |
| hub_network_name | String | min: 1, max: 127 | Yes |
subnets (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn)
Section titled “subnets (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| local_subnet | String | Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$ | Yes | |
| use_vpn | Boolean | true, false | No | |
| nat | Class | [nat] | No |
nat (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn.subnets)
Section titled “nat (meraki.domains.organizations.networks.appliance.vpn_site_to_site_vpn.subnets)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enabled | Boolean | true, false | No | |
| remote_subnet | String | No |
Examples
Section titled “Examples”Example-1: The example below demonstrates site-to-site VPN configuration using tested YAML configuration from pipeline fixtures.
meraki: domains: - name: "!env domain" administrator: name: "!env org_admin" organizations: - name: "!env org" networks: - name: "!env network_name" product_types: - appliance - switch - wireless - camera - sensor - cellularGateway appliance: vpn_site_to_site_vpn: mode: hub # Site-to-Site VPN Translation has to be enabled by Meraki Support # for this setting to work. # Otherwise, "VPN subnet translation is not supported for this network" is returned. # subnet_nat: True subnets: - local_subnet: "192.168.20.0/24" use_vpn: true - local_subnet: "!env hub_server_subnet" use_vpn: true