This will walk you through creating a site-to-site VPN from a Meraki MX device to an ACS project from scratch.
Creating the first side in ACS
From the dashboard go to Network > VPN
Add an IKE Policy
Name: Give a name you prefer
Description: - Give a description you prefer
ID: This will be auto-generated
Project ID: This will be auto-generated
Authorization algorithm: sha1
Encryption algorithm: 3des
IKE version: v1
Lifetime Units: seconds
Lifetime Value: 28800
Perfect Forward Secrecy: group2
IKE Phase1 negotiation mode: main
Add an IPsec Policy
Name: Give a name you preferDescription: Give a description you prefer
ID: b57cf2a5-a071-4dbc-813f-03f33192bfed
Project ID: 8aeaf5f0c78746639b25d94c85fed833
Authorization algorithm: sha1
Encapsulation mode: tunnel
Encryption algorithm: 3des
Lifetime Units: seconds
Lifetime Value: 28800
Perfect Forward Secrecy: group2
Transform Protocol: esp
Add VPN Service
Name: Give a name you prefer
Description: Give a description you prefer
Router: Select the Router you want to be part of the VPN
Subnet: Select the subnet you want to access the VPN
Add Endpoint Groups
Name: Give a name you prefer
Description: Give a description you prefer
Type:
External System CIDRs:
*Create one of each, internal and external, CIDR is for client-side LAN, the subnet is for ACS LAN
IPsec Site Connections
Complete all required fields with the predetermined information from the other tabs.
Peer ID = Public IP on the client-side router
Pre-Shared Key (PSK) string should not have any special characters.
Meraki Side
Name:
Public IP: ACS Router IP
Remote ID: Not needed
Private Subnets: LAN CIDR in ACS
IPsec policies: 3DES, SHA1, Group 2, 28800 for both Phase 1 & Phase 2