VPN peers : have multiple Phase 2 and one phase 1


VPN peers : have multiple Phase 2 and one phase 1



Is it possible to have multiple phase 2 behind one phase 1 with non-meraki VPN ?

Well ... is it possible to have multiple phase2 with meraki-meraki peers ? (I do not have a second meraki MX to try this)

Kind of a big deal

When you say Meraki-Meraki, do you mean two MX within the same organization using AutoVPN, or do you mean as third party VPN peers?


If you mean third party VPN, then it doesn't matter what model is at the other end of your tunnel.


Event-log wise, I'm only seeing single phase 2 negotiations on the tunnels I'm reviewing. Not like an ASA where you get a child policy for every subnet.


What are you trying to do?

Kind of a big deal
Kind of a big deal

Yes to question one.

If you run the newer beta you'll even get better logging where the SA's will be mapped to the correct traffic selectors.

Question two well you can have multiple VLANs but it's not true IPsec so I don't think it actually works with phases and negotiations.  Everything is rather orchestrated with the cloud.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.