Third-Party VPN Peers Configuration

Dashboard Location: Security and SD-WAN > Configure > Site-to-site VPN > Organization-wide settings

Third-party VPN peers configuration in Meraki organizations enables secure connectivity with external VPN gateways from cloud providers, partner organizations, and non-Meraki network equipment. This functionality supports IPsec-based connections with customizable encryption policies, authentication methods, and network routing for hybrid cloud deployments and multi-vendor network integration. Third-party VPN peers are essential for organizations requiring connectivity with AWS, Azure, Google Cloud, or other external networks while maintaining centralized management and consistent security policies.

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| third_party_vpn_peers | List | [third_party_vpn_peers] | No | |

third_party_vpn_peers (meraki.domains.organizations.appliance)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | min: 1, max: 127 | Yes | |
| public_ip | IP | | No | |
| public_hostname | String | min: 1, max: 127 | No | |
| private_subnets | List | String[Regex: `^(?i:any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any\|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$`] | Yes | |
| local_id | String | min: 1, max: 127 | No | |
| remote_id | String | min: 1, max: 127 | No | |
| ipsec_policies | Class | [ipsec_policies] | No | |
| ipsec_policies_preset | Choice | default, aws, azure, umbrella, zscaler | No | |
| secret | String | min: 1, max: 127 | Yes | |
| ike_version | Choice | 1, 2 | No | |
| network_tags | List | String[min: 1, max: 255] | No | |

ipsec_policies (meraki.domains.organizations.appliance.third_party_vpn_peers)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| ike_cipher_algo | List | Choice[aes128, aes192, aes256, des, tripledes] | No | |
| ike_auth_algo | List | Choice[md5, sha1, sha256] | No | |
| ike_prf_algo | List | Choice[default, prfmd5, prfsha1, prfsha256] | No | |
| ike_diffie_hellman_group | List | Choice[group14, group5, group2, group1] | No | |
| ike_lifetime | Integer | min: 1, max: 604800 | No | |
| child_cipher_algo | List | Choice[aes128, aes192, aes256, des, null, tripledes] | No | |
| child_auth_algo | List | Choice[md5, sha1, sha256] | No | |
| child_pfs_group | List | Choice[disabled, group14, group5, group2, group1] | No | |
| child_lifetime | Integer | min: 1, max: 86400 | No | |

Example-1: The example below demonstrates third-party VPN peers configuration using tested YAML configuration from pipeline fixtures.

```yaml
meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          appliance:
            third_party_vpn_peers:
              - name: AWS VPN 01
                public_hostname: vpn.example.com
                private_subnets:
                  - "192.168.1.0/24"
                  - "192.168.2.0/24"
                local_id: "192.168.128.10"
                remote_id: "158.43.128.2"
                ipsec_policies_preset: aws
                secret: "supersecretkey"
                ike_version: "2"
                network_tags:
                  - "Production"
                  - "VPN"
              - name: AWS VPN 02
                public_ip: 158.43.128.100
                private_subnets:
                  - "192.168.1.0/24"
                  - "192.168.2.0/24"
                local_id: "192.168.128.100"
                remote_id: "158.43.128.200"
                ipsec_policies:
                  ike_cipher_algo:
                    - aes128
                  ike_auth_algo:
                    - sha256
                  ike_prf_algo:
                    - prfsha256
                  ike_diffie_hellman_group:
                    - group14
                  ike_lifetime: 3600
                  child_cipher_algo:
                    - aes128
                  child_auth_algo:
                    - sha256
                  child_pfs_group:
                    - group14
                  child_lifetime: 3600
                secret: "supersecretkey"
                ike_version: "2"
                network_tags:
                  - "Production"
                  - "VPN"
```
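A pre-deployment check over `third_party_vpn_peers` entries, added here as an example (it is not part of the original page or the project's tooling). It flags algorithm choices that this example's own policy treats as weak, `secret` values written inline, and `private_subnets` entries that satisfy the schema regex but are not valid IPv4 networks. The `WEAK` policy, the `audit_peer` helper, the `legacy-peer` entry and the `vpn_psk` variable name are assumptions.

```python
import ipaddress

# Policy assumed for this example: values from the page's choice lists that
# are treated as too weak for a new tunnel. Adjust to your own baseline.
WEAK = {
    "ike_cipher_algo": {"des", "tripledes"},
    "ike_auth_algo": {"md5", "sha1"},
    "ike_prf_algo": {"prfmd5", "prfsha1"},
    "ike_diffie_hellman_group": {"group1", "group2", "group5"},
    "child_cipher_algo": {"des", "tripledes", "null"},
    "child_auth_algo": {"md5", "sha1"},
    "child_pfs_group": {"disabled", "group1", "group2", "group5"},
}

# Constructed sample input: peer entries as they look after loading the YAML.
PEERS = [
    {"name": "AWS VPN 02", "private_subnets": ["192.168.1.0/24"],
     "ipsec_policies": {"ike_cipher_algo": ["aes128"], "ike_auth_algo": ["sha256"],
                        "ike_diffie_hellman_group": ["group14"],
                        "child_pfs_group": ["group14"]},
     "secret": "!env vpn_psk", "ike_version": "2"},
    {"name": "legacy-peer", "private_subnets": ["10.0.0.0/33", "any"],
     "ipsec_policies": {"ike_cipher_algo": ["aes256", "tripledes"],
                        "ike_diffie_hellman_group": ["group2"],
                        "child_cipher_algo": ["null"]},
     "secret": "supersecretkey", "ike_version": "1"},
]

def audit_peer(peer):
    """Return a list of findings for one third_party_vpn_peers entry."""
    findings = []
    policies = peer.get("ipsec_policies", {})
    for field, weak in WEAK.items():
        findings += [f"{field}: weak value {v}" for v in policies.get(field, []) if v in weak]
    if str(peer.get("ike_version", "")) == "1":
        findings.append("ike_version: IKEv1 selected")
    # Assumption: a secret should be an "!env" reference, the form the page uses for names.
    if not str(peer.get("secret", "")).startswith("!env "):
        findings.append("secret: inline value, not an !env reference")
    for entry in peer.get("private_subnets", []):
        for subnet in entry.split(","):  # the schema regex allows comma-separated values
            if subnet.lower() == "any":
                continue
            try:  # the regex accepts octets above 255 and prefixes above /32
                ipaddress.IPv4Network(subnet, strict=False)
            except ValueError:
                findings.append(f"private_subnets: {subnet} is not a valid IPv4 network")
    return findings
```
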