Third-Party VPN Peers Configuration
Dashboard Location: Security and SD-WAN > Configure > Site-to-site VPN > Organization-wide settings
External VPN Integration Management
Section titled “External VPN Integration Management”Third-party VPN peers configuration in Meraki organizations enables secure connectivity with external VPN gateways from cloud providers, partner organizations, and non-Meraki network equipment. This functionality supports IPsec-based connections with customizable encryption policies, authentication methods, and network routing for hybrid cloud deployments and multi-vendor network integration. Third-party VPN peers are essential for organizations requiring connectivity with AWS, Azure, Google Cloud, or other external networks while maintaining centralized management and consistent security policies.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”appliance (meraki.domains.organizations)
Section titled “appliance (meraki.domains.organizations)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| third_party_vpn_peers | List | [third_party_vpn_peers] | No |
third_party_vpn_peers (meraki.domains.organizations.appliance)
Section titled “third_party_vpn_peers (meraki.domains.organizations.appliance)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | Yes | |
| public_ip | IP | No | ||
| public_hostname | String | min: 1, max: 127 | No | |
| private_subnets | List | String[Regex: ^(?i:any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?)(,(any|(\d{1,3}\.){3}\d{1,3}(\/\d{1,2})?))*$] | Yes | |
| local_id | String | min: 1, max: 127 | No | |
| remote_id | String | min: 1, max: 127 | No | |
| ipsec_policies | Class | [ipsec_policies] | No | |
| ipsec_policies_preset | Choice | default, aws, azure, umbrella, zscaler | No | |
| secret | String | min: 1, max: 127 | Yes | |
| ike_version | Choice | 1, 2 | No | |
| network_tags | List | String[min: 1, max: 255] | No |
ipsec_policies (meraki.domains.organizations.appliance.third_party_vpn_peers)
Section titled “ipsec_policies (meraki.domains.organizations.appliance.third_party_vpn_peers)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ike_cipher_algo | List | Choice[aes128, aes192, aes256, des, tripledes] | No | |
| ike_auth_algo | List | Choice[md5, sha1, sha256] | No | |
| ike_prf_algo | List | Choice[default, prfmd5, prfsha1, prfsha256] | No | |
| ike_diffie_hellman_group | List | Choice[group14, group5, group2, group1] | No | |
| ike_lifetime | Integer | min: 1, max: 604800 | No | |
| child_cipher_algo | List | Choice[aes128, aes192, aes256, des, null, tripledes] | No | |
| child_auth_algo | List | Choice[md5, sha1, sha256] | No | |
| child_pfs_group | List | Choice[disabled, group14, group5, group2, group1] | No | |
| child_lifetime | Integer | min: 1, max: 86400 | No |
Examples
Section titled “Examples”Example-1: The example below demonstrates third-party VPN peers configuration using tested YAML configuration from pipeline fixtures.
meraki: domains: - name: "!env domain" administrator: name: "!env org_admin" organizations: - name: "!env org" appliance: third_party_vpn_peers: - name: AWS VPN 01 public_hostname: vpn.example.com private_subnets: - "192.168.1.0/24" - "192.168.2.0/24" local_id: "192.168.128.10" remote_id: "158.43.128.2" ipsec_policies_preset: aws secret: "supersecretkey" ike_version: "2" network_tags: - "Production" - "VPN" - name: AWS VPN 02 public_ip: 158.43.128.100 private_subnets: - "192.168.1.0/24" - "192.168.2.0/24" local_id: "192.168.128.100" remote_id: "158.43.128.200" ipsec_policies: ike_cipher_algo: - aes128 ike_auth_algo: - sha256 ike_prf_algo: - prfsha256 ike_diffie_hellman_group: - group14 ike_lifetime: 3600 child_cipher_algo: - aes128 child_auth_algo: - sha256 child_pfs_group: - group14 child_lifetime: 3600 secret: "supersecretkey" ike_version: "2" network_tags: - "Production" - "VPN"