As briefly discussed earlier in this chapter, Meraki Auto VPN is a proprietary Meraki technology that automates VPN tunnel creation and management. It uses the Meraki Dashboard and cloud management to allow quick and easy configuration of VPN tunnels to any other Meraki MX or Z-series device within the same Dashboard organization.
Meraki has significantly simplified VPN setup and WAN failover by leveraging the Dashboard, which is aware of the full configuration of every organization, including the status of all other Auto VPN participants in each network within the organization. This makes Meraki Auto VPN a simple, easy-to-implement solution that automates IPsec Phase I and Phase II configuration to create VPN connections between devices across networks.
When using Meraki Auto VPN, it’s important to understand the distinction between the VPN management traffic exchanged between the devices and the Meraki cloud and the actual VPN tunneled traffic that carries user data between sites, as visualized in Figure 5-9.
Figure 5-9 Meraki Auto VPN Traffic Architecture
Auto VPN management traffic flows between devices and the Meraki cloud and is used to exchange connectivity details, such as peer IPs and ports, that enable the negotiation of VPN tunnels between peers. The actual VPN tunnel that carries user data between sites is established directly between devices, like a traditional VPN tunnel, and does not traverse the Meraki cloud in any way. Figure 5-9 shows the difference between the paths taken by Meraki management data and the paths taken by user data between sites.