Meraki

Community

Unexpected Change in VPN Peer Permissions: Network Admins Gaining Organization-Wide Access

CRASHOVERRIDE
Comes here often
‎Jul 23 2024 6:59 AM
‎Jul 23 2024 6:59 AM

Unexpected Change in VPN Peer Permissions: Network Admins Gaining Organization-Wide Access

 

We have a large organization with over 150 networks distributed globally.

Previously, assigning the Network Administrator role to specific networks was straightforward, as their administrative tasks were limited to the networks assigned to them.

 

However, a Network Admin recently informed me that they can now add, edit, and delete non-Meraki Site-to-Site (S2S) VPN peers. This capability was previously restricted to Organization Admins, but it seems that any admin from any network in the organization can now modify ALL non-Meraki S2S peers and tunnels.

 

I have verified the permissions and confirmed with the admin that they can indeed modify settings that could impact the entire organization.

 

My question is, when was this change implemented, and is there a way to revert it?

We cannot allow network-specific admins to make changes to non-Meraki VPN tunnels that affect other networks in the organization, which they should not have access to.

 

Has anyone else encountered this issue? Previously, this permission was exclusive to Organization Admins and not individual Network Admins.

Labels:
0 Kudos
1 Reply 1
Mark_S
Meraki Employee
Meraki Employee
‎Jul 29 2024 5:57 AM
‎Jul 29 2024 5:57 AM

Hi CRASHOVERRIDE,

 

When the network-only admin makes changes to the site-to-site VPN configuration, can it be saved successfully?

Or do the changes disappear/revert after attempting to save the page?

 

If you have not already, I would recommend raising a case with Meraki support so they can investigate this with you and determine whether this is unexpected behaviour.
Details on how to raise a case through dashboard or to call the support line can be found within the 'Get help & cases' page which is accessible in the ? icon menu in dashboard.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.