cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
324
Views
0
Helpful
2
Replies

Meraki need help - IPsec PSK modification impacted organization wide.

arunprabakary
Level 1
Level 1

Could anyone please help me understand how to mitigate the configuration changes made to the site-to-site VPN impacting all VPN peers (organization wide). Is there a way to articulate or direct the changes to PSK (especially) to single site/network? Soon we will be having a handful of sites with their own tunnels, and we should be able to make changes without having to touch each & every other site VPN's. Thanks for understanding.

2 Replies 2

alptechexpert
Level 1
Level 1

To mitigate the configuration changes made to the site-to-site VPN impacting all VPN peers and to direct the changes to PSK (especially) to a single site/network, you can follow these steps:
Create a contingency or back-out plan: Before making any changes, define a plan to revert to the previous configuration if needed. This includes creating a backup of the working configuration.
Use different subnets for each site: When setting up site-to-site VPNs, ensure that each site has its own unique subnet. This way, you can avoid conflicts between the subnets and direct the changes to the desired site/network.
Utilize route-based or policy-based routing: Depending on your VPN solution, you can use route-based or policy-based routing to control the flow of traffic between sites. This allows you to specify which site should receive the traffic and helps to avoid routing conflicts.
Implement security profiles: Define security profiles for each site to ensure that the appropriate security settings are applied to each VPN connection. This can help you control access to specific resources and maintain security consistency across all sites.
Use VPN overlay solutions: Some VPN solutions, like FortiOS, allow you to create a VPN overlay network. This can help you manage the VPN connections more efficiently and provide better control over the traffic flowing between sites.
Monitor and audit VPN traffic: Regularly monitor and audit the traffic flowing between sites to ensure that the VPN connections are functioning as intended and to detect any potential issues or security breaches.
By following these best practices, you can minimize the impact of configuration changes on your organization's VPN infrastructure and ensure that the desired changes are applied to the correct site/network without affecting other sites.

the IPsec check Key and Neighbor IP in order 
where the longest match Neigghbor IP is use the other key 
I think you use key with address 0.0.0.0?
MHM

Review Cisco Networking for a $25 gift card