Home > Security and SD-WAN > Site-to-site VPN > Custom IPsec policies with Site-to-site VPN

Custom IPsec policies with Site-to-site VPN

When using a Cisco Meraki MX Security Appliance to create an IPsec VPN to a non-Meraki peer, multiple options are available for customizing the parameters of that VPN connection. For more information on site-to-site VPN functionality, please refer to our security appliance documentation. This article will specifically cover the options available when customizing IPsec parameters for a peer. 

Note: Only customize the IPsec policies settings if required by the peer, and when the required settings are known. Modifying the parameters without proper planning can result in a VPN connection going down until correctly configured on both ends.


Site-to-site VPN settings are managed on the Security & SD-WAN > Configure > Site-to-site VPN page, and 3rd-party peers are located in the Organization-wide settings section. When configuring a peer, the IPsec policies column will indicate what parameters are currently configured, and can be clicked on for additional detail. Below is an example peer with the default policy.


Customizing and Presets

To change the IPsec policies for a peer, click on the link in that column, which indicates the current settings. In the window that appears, a number of options are available.


The Preset selection allows easy setup of peers for some popular services, such as Azure and AWS. "Default" will reset the parameters to those used between Cisco Meraki peers, and "Custom" can be used for non-standard configurations.


The Phase 1 and Phase 2 sections can be customized as needed for peers that are not compatible with one of the existing presets. Fields allowing multiple options will present them as a list, and allow any or all of the options to be selected. When connecting with a peer, any of the selected options will be available when negotiating. It is important to remember that these settings must match on both ends of the VPN tunnel in order to establish correctly.

custom ipsec options.PNG


After changing the Preset section or modifying any of the Phase 1 or Phase 2 options, click Update. Then click Save Changes.

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1306

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community