Umbrella uses the IPSec protocol for tunneling traffic. IPSec has multiple components and one of the key components is IKE, which manages negotiation with the peers, authenticating, certificate exchanges and also maintains the session by using the keepalive mechanism. We only support IKEv2, which is faster and more secure than IKEv1. Meraki uses IKEv1 for the IPSec tunnels by default. Umbrella only supports higher versions of DH group for IPSec tunnels and they are not yet exposed in the Meraki UI.
Steps to Enable IKEv2
To successfully establish the tunnel, contact Meraki support to enable IKEv2. Umbrella will not be able to be configured until this step is complete. Once complete, continue configuring Umbrella IPSec.