About this task
To configure the MX Security Appliance, complete the following steps:
- In a web browser, go to https://dashboard.meraki.com. Create a portal user account.
In the Meraki dashboard, create and manage your Organization or Organizations.
When you first log in, an organization with your company's name is automatically
created. You can manage and rename this organization and create additional
organizations in the Organization menu.
In the Cisco Meraki user interface, a single dashboard administers one or more organizations. An organization represents a customer or customer site. Each organization contains one or more networks. A network typically consists of the MX Security Appliances on that common network. For more information about creating and managing organizations, refer to Meraki's Creating a Dashboard Account and Organization page.
Add portal users to your organization. In the Meraki dashboard, go to Managing Dashboard Administrators and
. For more information about adding and managing portal users and
administrators, refer to this Meraki's
After you add a user to your organization, they receive an email with a dashboard access link.
- Add Cisco Meraki MX Security Appliances to your organization. In the Meraki dashboard, go to Using the Organization Inventory page. . For more information, refer to this Meraki's
- Create a new network and add the MX Security Appliance to the network. In the Meraki dashboard, go to here. . For more information, refer to this Meraki reference:
Deploy the MX Security Appliance to the site. The MX Security
Appliance is placed between broadband router/modem providing connectivity to the
internet and the IP-based
- Configure the router/modem into bridge mode. The user interface of the modem or router is specific to the manufacturer and your Internet Service Provider (ISP). Consult the modem/router and your ISP documentation for further details.
- Connect an Ethernet cable from the Internet port of the MX Security Appliance to the router/modem.
- Connect the IP devices to the LAN ports of the MX Security Appliance. If there are more than four IP devices, they need to be connected to a separate switch and the switch needs to be connected to one of the LAN ports of the MX Security Appliance.
- Power on the MX Security Appliance. Verify that the front LED lights of the MX Security Appliance are solid white.
Configure the client VPN by following these steps:
- In the Meraki dashboard, hover over Network in the left pane. Select the desired network.
- Go to Status. Record the public IP address that appeared in the WAN field or the dynamic hostname in the Hostname field. You can use the IP address or the hostname when configuring the VPN client.
- Go to
Routing section. Note: The MX IP address should be an available static IP address within the existing BAS network and the MX IP address should be used as the default gateway for all MX Security Appliances, including the and the application servers .
. Configure the internal BAS network. For a simple BAS
network, enter the existing subnet information by clicking on the
default network entry under the
- Go to Client VPN Overview page. . Enable the Client VPN Server. In a simple BAS network, ensure the Client VPN subnet used here is in a different subnet range than the internal BAS network used previously. The Client VPN subnet should be unique with respect to all other BAS network subnets. For more information about the client VPN settings including VPN user management, refer to Meraki's
Setup and configure user MX Security Appliances for VPN access using Meraki's
Client VPN OS Configuration
Note: A VPN connection can be established to the MX Security Appliance using standard VPN client software that is included with supported Windows® operating systems, Apple® operating systems, or Android™ operating systems.
If you encounter the Windows 809 error in the Windows Event log on a Windows client MX Security Appliance, you may need to add the following key to the Registry:
Key: Server:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgentRegValue: AssumeUDPEncapsulationContextOnSendRule
Data Value: 2
After you create this key, you may need to reboot the Windows client MX Security Appliance.