Leveraging Meraki Site-Site VPN For Backup Security Video

Please remember, this blog is mostly about wireless- but not always. I recently brought a customer site online where I did the LAN, Wi-Fi, simple background music speakers with satellite radio feed, and IP-CCTV, all in a brand new building. The Ethernet and Wi-Fi environments are just footnotes to the rest of this blog, but the Meraki MX84 that serves as the network head-end will factor large in the story.

The video system is of Hikvision components, with a couple of POE camera types and a networked DVR. I don’t do a lot of video applications, but the Hikvision stuff is pretty easy to work with end-to-end. The new building is fairly large for a small business, and we ended up with 15 cameras total in what can only be described as just another well-networked environment.

Can we do… THIS?

This client has multiple business sites, and I have built the networks in all of them. It turns out that in the past, a case of arson and significant loss of property has them constantly thinking about security. One day after the new site opened, I was asked if we could somehow backup the video at the new site to one of their other sites. If the unthinkable should ever happen and the new-site DVR were to be destroyed along with it’s contents, the idea would be that the same video would live at a backup site to hopefully shed light on what happened.

I was a bit stumped on this one, and did some research on cloud-backup options (In this case very expensive per-camera subscription prices made this unappealing ) and other avenues that didn’t seem real supportable or reliable. But in reading more on the Hikvision capabilities, I realized the solution would be pretty simple if we got another networked DVR.

VPN, Manual Camera Assignments, Success

Both the new site and the backup site have decent Internet connections with adequate amounts of headroom, so I felt comfortable going down the road I’m about to describe. Each site has a Meraki MX servicing the local network, and creating a site-to-site VPN with the MX appliances couldn’t be easier (something I’ve done dozens of times now). You do want to be mindful of MX capacity for this stuff when working at the enterprise scale, but my small-business deployment is an easy fit for where this is going.

The new site has several VLANs in 10.x.x.x address ranges, while the backup site uses 192.168.x.x on the inside. After I brought up the VPN, I made sure that both sites could ping each other in the right IP ranges, and with just a couple of clicks, the sites were joined (this is soooo easy on Meraki gear).

At the backup site, we added an identical DVR, directly off of the MX. I gave it a fixed IP address, and added it to the list of hosts I want Meraki to notify me about if it ever drops offline. And again, I made sure the new site could ping the new DVR at the backup site. The latency between sites is pretty low as well, given that the same ISP feeds each in a fairly tight geographic area. So far so good.

The Hikvision cameras have a “primary” stream and a lower-load “sub-stream”. My strategy here was to keep the high-quality primary stream confined to the new site, where cameras and DVR are on the same network. Then for the backup, I’d use the sub-stream with the second DVR to not overwhelm either site’s ISP link. As I mentioned, each link has headroom, but this application was not foreseen when the ISP connections were bought and that headroom can disappear quickly if not managed right.

To finish it up, I manually added the handful of cameras from the new site that would likely be of interest in an investigation to the new backup DVR, while watching the primary DVR and network utilization at both sites for any signs of trouble or dropped video. End result- it’s working well so far in all regards.


I’m guessing an IPTV Pro would read this and say “uh, OK… big deal.” For me, it was an opportunity to learn more about the capabilities of the Hikvision equipment, which happens to be almost as straight-forward to work with as Meraki on the network side. At the same time, there are lots of ways to screw something like this up if you don’t take your time and proceed with caution. I can still remotely manage and monitor all of the parts involved, which is very important in the support model for this customer. We’ll see if it stands the test of time, but so far it’s looking good.

3 thoughts on “Leveraging Meraki Site-Site VPN For Backup Security Video

  1. Timothy O'Hara

    I have done something similar in order to network a few stores of a small retail business owned by some friends of mine. They needed to network the stores to sync up giftcard info before they moved to a cloud based solution. “Meraki VPN so easy, even a Wireless Engineer can configure it” 🙂

  2. Tim Byers

    I have a customer interested in the same approach. Sounds like by assigning static IP’s from a private subnet to the DVRs, they can be accessed anywhere through the VPN. Correct? This ease-of-access to the DVRs will be critical for my customer. Thanks for writing about this!


Tell me what YOU think.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s