The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Configure Tunnels with Meraki MX – Option 1

Table of Contents


  • Cisco Meraki MX with software version 15.3 or later.
  • A Cisco Umbrella SIG account.

Integrate IPsec

  1. Navigate to Deployments > Core Identities > Network Tunnels and click Add.
  2. Give your tunnel a meaningful Tunnel Name.
  3. From the Device Type pull-down choose Meraki MX.
  1. Click Save and then enter a Tunnel ID and Passphrase.
  1. Click Save and then copy the Tunnel ID and Passphrase.
    These are used later in the Meraki dashboard.
  2. Click Done.
  3. In the Meraki dashboard, navigate to Security & SD-WAN > Configure Site-to-site VPN, and select Hub (Mesh).
  1. In VPN Settings, select “Yes” for the new VLAN you created.
  1. In Org-Wide Settings > Non-Meraki VPN Peers, click "Add a peer" and then add details from the Umbrella dashboard. (The values below may not match the Meraki defaults. Use the values shown here; the Meraki defaults are being updated.)

    • Name—Provide a meaningful name for the tunnel
    • IKE Version—Select IKEv2
    • IPsec policies Choose the predefined Umbrella configuration, see Supported IPsec Parameters.
  • Public IP—IP addresses are available here.
  • Local ID—This string is available in the Umbrella dashboard once you have created a Network Tunnel Identity.
  • Remote ID—Leave this blank.
  • Private subnets—This is always (all internet bound traffic is directed into the tunnels).
  • Preshared secret—This is available in the Umbrella dashboard once you create a Network Tunnel Identity.
  • Availability—Enter the tag you defined earlier for the MX appliance that will be building the tunnels to Umbrella.

Optional Configurations

  1. To tag the MX device associated with the tunnel, see Manage Tags.
  2. To create a VLAN for the subnet to redirect to Umbrella, see Configuring VLANs on the MX Security Appliance.
  3. To create a new SSID for the VLAN, see Configuring Simple Guest and Internal Wireless Networks.

Verification and Troubleshooting

  1. Run ping tests from the new VLAN to the internet. For more information, see Using the Ping Live Tool.
  2. Check the status of the VPN tunnel. For more information, see VPN Status Page.
  3. Follow the VPN troubleshooting procedures. For more information, see Troubleshooting Non-Meraki Site-to-site VPN.

Note: Cisco Meraki does not support policy based routing. It is not possible to do client side routing to determine if specific traffic belongs inside or outside the tunnel. However, it is possible to choose if an entire VLAN is tunneled to Umbrella or not.

Updated 22 days ago

Configure Tunnels with Meraki MX – Option 1

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.