MX to Netgear Prosafe Site-to-site VPN Setup
The Netgear Prosafe can form a site-to-site VPN with a Meraki MX series security appliance. The easiest way to configure this is by logging onto your Netgear Prosafe via a web browser and clicking on the VPN Wizard found on the left hand side of the page under VPN. This will display text informing you that several defaults are assumed during the wizard and that these can be adjusted by clicking VPN Settings after the wizard has completed. Click the Next button to begin the configuration.
The first screen prompts you to give the VPN tunnel a name that will be meaningful to you and easy to remember. In the textbox corresponding to the pre-shared key enter the key string exactly as it appears on the MX under Security & SD-WAN > Configure > Site-to-site VPN > Organization-wide settings > Non-Meraki VPN peers > Preshared secret. Select the radio button for a remote VPN Gateway to enable the site-to-site VPN functionality. Click the Next button when you are finished.
The second step prompts you to enter the Remote WAN IP address. In the textbox enter the public IP address of the MX security appliance. Please note that this must be the IP address of the primary interface specified on the MX under Security & SD-WAN > Configure > SD-WAN & traffic shaping > Uplink selection > Global preferences > Primary uplink. Therefore if you have the primary uplink configured as WAN 1 then you must use WAN 1's Public IP address.
The third step prompts you to enter remote LAN subnet. In the text boxes for IP Address enter the VPN-shared subnet of the MX security appliance. In the text box labeled subnet mask enter the numbers corresponding to the LAN subnet's CIDR notation. For example a /24 would be entered as 255.255.255.0. Click the Next button to continue to the next screen.
The last screen will display a summary of the previous three steps. Confirm your responses are correct and select the Done button to apply the policy. The Netgear Prosafe uses default settings suggested by the VPNC (VPN Consortium) to configure the authentication and encryption parameters of the VPN tunnel. These defaults will work with the MX series, no further configuration is necessary. With the settings saved to the Netgear Prosafe it will attempt to establish an IPsec VPN tunnel with the MX once client traffic attempts to access the remote subnet.
For more information on setting up the MX to participate in a site-to-site VPN, please review the following articles: