Appendix: VPN with a Cisco Meraki MX security appliance configuration - Metasys - LIT-12012458 - Field Device - 13.0

Metasys IP Networks for BACnet/IP Controllers Technical Bulletin

Document type: Technical Bulletin
Document number: LIT-12012458
Version: 13.0
Revision date: 2023-10-23
Product status: Active

This appendix describes how to configure a virtual private network (VPN) with a Cisco Meraki™ MX Security Appliance. A VPN is a private data network that uses the public telecommunication infrastructure and the Internet, maintaining privacy through the use of a tunneling protocol and security procedures. Data is encrypted before it is sent through the public network and then decrypted at the receiving end.

To purchase a Meraki MX Security Appliance, use the Cisco Partner Locator to find a Cisco Meraki distributor in your area. The Cisco Meraki™ MX Security Appliance is a good choice for customers who do not have an internal IT department.

All Meraki products require licensing to operate. Meraki licenses are available in one-, three-, five-, seven-, or ten-year increments. Refer to Meraki MX Security Appliance licensing options. Additional information is available at this link.

Use the instructions in this appendix as an example. Consult your IT department and Cisco proprietary documentation for detailed information. See https://meraki.cisco.com/ for more information.

Important: Engage appropriate network security professionals to ensure that the host computer is a secure host for Internet access. Network security is essential and of the highest importance. Typically, the IT organization must approve configurations that expose networks to the Internet. Be sure to fully read and understand the IT Compliance documentation for your site.

The Cisco Meraki MX Security Appliance supports provisioning and commissioning through the cloud application only. The MX Security Appliance must be pre-provisioned using the device's serial number through the Meraki dashboard. When the device is turned on and connected to the internet, the configuration is retrieved from the cloud application. Configuring the MX Security Appliance by directly connecting to the device is not supported.

To provision MX Security Appliances through the Meraki dashboard, you must first create a Meraki dashboard account. One or more organizations can be associated with a Meraki dashboard account (see Step 1 and Step 2 in Configuring a VPN tunnel with a Cisco Meraki MX security appliance).

To grant other users access to the Meraki MX Security Appliance owned or managed by the organization, other members must be added to the organization in the Meraki dashboard (see Step 3 in Configuring a VPN tunnel with a Cisco Meraki MX security appliance).

Once an organization is created through the Meraki dashboard, the MX Security Appliance to be provisioned must be added to the organization's inventory, and then the MX Security Appliance must be added to a specific network within the organization (see Step 4 and Step 5 in Configuring a VPN tunnel with a Cisco Meraki MX security appliance).

The MX Security Appliance must be physically deployed to the site and connected to the network (see Step 6 in Configuring a VPN tunnel with a Cisco Meraki MX security appliance).

When the MX Security Appliance is added to a network, the configuration for the MX Security Appliance can be created (see Step 7 in Configuring a VPN tunnel with a Cisco Meraki MX security appliance).

After the MX Security Appliance is deployed to the network through the Meraki dashboard, configure the MX Security Appliance. The MX Security Appliance can then provide VPN access. Generally, you must connect the Meraki MX Security Appliance to the network that it provides VPN access to, and then connect the MX Security Appliance to the modem providing internet access. Consult your IT department and network administrator for further guidance. For more information about the Meraki MX Security Appliance, refer to https://documentation.meraki.com/MX/Installation_Guides/Z3_Installation_Guide.

Once the MX Security Appliance is deployed on the network, a VPN connection can be established to the MX Security Appliance using standard VPN client software that is included with supported Windows® operating systems, Apple® operating systems, or Android™ operating systems (see Step 8 in Configuring a VPN tunnel with a Cisco Meraki MX security appliance).

Before adding the MX Security Appliance to the network, provision and commission the device by completing the following steps. You can complete Steps 1-5 before physically adding the MX Security Appliance to the site network.