We’re excited to announce a new feature that just went live for all of our Cisco Meraki MX Security Appliance customers: customizable third-party VPN policies. This means that an MX can be integrated into a greater number of VPN networks without needing to modify the settings of non-Meraki VPN peers.

You can now tweak the following security parameters on your MX for an IPsec connection to a non-Meraki peer:

  • Phase 1:
    • Encryption
    • Hash/authentication
    • Lifetime
    • Diffie Hellman group
  • Phase 2: all the settings listed in Phase 1 plus
    • Perfect Forward Secrecy (PFS)
    • PFS Diffie Hellman group (if on)

Configuring Phase 1 and Phase 2 parameters from the MX for a VPN tunnel to a non-Meraki peer.


Being able to adjust these settings allows greater VPN flexibility. To modify these parameters, navigate to Configure > Site-to-site VPN in the Meraki dashboard and scroll down to the “Organization-wide settings” section. In configuring “Non-Meraki VPN peers,” note that there is now a clickable link under the “IPsec policies” column. Clicking this link will display modifiable VPN settings.

In addition to deeper connectivity control, we’ve also provided presets to help customers with configuring commonly used Cloud services like Amazon Web Services (AWS) and Azure—which often require customized VPN connections.

Preset for AWS VPN connection.


For more information about configuring VPN with Meraki MX security appliances alongside non-Meraki peers, please check out our Knowledge Base. For information about deploying site-to-site VPN between MX security appliance in seconds, check out a quick 3-minute video about Auto VPN, our VPN whitepaper, and our website.