VPN Registry within an Organization

jefferyj40
Conversationalist

I have an existing VPN hub network of an existing hub set up to non-Meraki equipment (Checkpoint Firewall). I need to create a new MX250 VPN network to 30 other sites within this existing network that will not affect the existing Meraki/non-Meraki VPN hub that is online. Any suggestions? I have thought about creating a new organization and moving these existing Meraki/non-Meraki sites to that new organization, so that their VPN registries are separate.

PhilipDAth
Kind of a big deal

I don't see why you would need to use two orgs. Sure you could. But I don't see any need.

Just use a tag for the existing non-Meraki VPN so it only builds from that one MX.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Peer_availability 

Just to clarify, we have three sites that connect to our Checkpoint Firewall from Meraki MX100 appliances. There are a total of 30 other sites within our existing organization. The newest units are two clustered MX250 VPN units, which we would like to establish as a new VPN hub network to the other 30 units. The three existing VPN Merakis to the Checkpoint Firewall are set up as hubs. So when we set up the new MX250s, we want them to establish VPN tunnels to the 30 sites that don't have VPN now and then also to the existing 3 sites that have tunnels to the Checkpoint Firewall. So at the completion we will have all 33 sites with tunnels to the new MX250s.

We need to do these migrations to the 30 sites with NO downtime to the 3 hub/non-Meraki units.

That's why I wanted to separate the 3 existing sites, because with Auto VPN the MX250s will try to establish VPN tunnels to the non-Meraki VPN sites and cause an issue with those sites. The other 30 sites should be NO issue since they are not set up for any site-to-site VPN.
