Skip to main content
Cisco Meraki

Cisco+ Secure Connect - Configure Tunnels with Meraki MX

Configure Tunnels with Meraki MX

Set up Secure Access Tunnels                                                                                                                                                                                                     

  1. From Cisco+ Secure Connect Dashboard, Navigate to the second step - Set up Secure Access Tunnels


Screen Shot 2022-01-10 at 5.15.05 PM.png

2. In Umbrella Dashboard, Go to Add ( Upper Right hand Corner ) to create a tunnel 


Screen Shot 2022-01-10 at 5.17.39 PM.png


Configure Tunnel 

  1. From the Device Type pull-down choose Meraki MX

Multiple Tunnels

If both Private Access (for remote users) and Secure Internet Access (for branch location access) tunnels, TWO separate tunnels are required today. It is not possible to use a single tunnel for both types of access.   Creating multiple tunnels from the same device is possible with some devices. For more details, see Can-I-create-multiple-IPSEC-Tunnels


4. Specify the Service Type as Private Access 


5. Client Reachable Prefixes -enter in a subnet or the subnets that remote users need to access. Traffic destined to these subnets are sent securely through the tunnel. 


Configure Tunnel ID and Passphrase

6.  Click Save and then enter a Tunnel ID and Passphrase.

Click Save and then enter a Tunnel ID and Passphrase.

Click Save and then copy the Tunnel ID and Passphrase.
These are used later in the Meraki dashboard.

7. Click Done. and click Return to secure Connect at the top

Configure Site-to-site VPN

8. In the Meraki dashboard, navigate to Security & SD-WAN > Configure Site-to-site VPN, and select Hub (Mesh).

9. In VPN Settings, select “Yes” for the new VLAN you created.



  1.  In Org-Wide Settings, add details from the Umbrella dashboard.

    • Name—Provide a meaningful name for the tunnel
    • IKE Version—Select IKEv2
    • IPSec policies—For more information, see Supported IPSec Parameters.
  • Public IP—IP addresses from below


Los Angeles, CA


Santa Clara, CA


New York, NY


Ashburn, VA


London, UK


Frankfurt, DE


Paris, FR


Prague, CZ

  • Local ID—This string is available in the Umbrella dashboard once you have created a Network Tunnel Identity.
  • Remote ID—Leave this blank.
  • Private subnets— VPN Remote Subnets Defined for Secure Connect Remote Users
  • Preshared secret—This is available in the Umbrella dashboard once you created a Network Tunnel Identity.
  • Availability—Enter the tag you defined earlier for the MX appliance that will be building the tunnels to Umbrella.
  1. To tag the MX device associated with the tunnel, see Manage Tags.
  2. To create a VLAN for the subnet to redirect to Umbrella, see Configuring VLANs on the MX.
  3. To create a new SSID for the VLAN, see Configuring Guest and Internal Wireless Networks.


Verification and Troubleshooting
  1. Run ping tests from the new VLAN to the internet. For more information, see Using the Ping Live Tool.
  2. Check the status of the VPN tunnel. For more information, see VPN Status Page.
  3. Follow the VPN troubleshooting procedures. For more information, see Troubleshooting Non-Meraki Site-to-site VPN.

Cisco Meraki does not support the ability to redirect only a particular subnet inside the IPSec tunnel to the Umbrella cloud.

  • Was this article helpful?