In looking at documentation, reading through the communities, and now testing some gear, I've found the best way to get SNMP information is directly from the devices. This is still ongoing testing for me but I think I can get enough information that's needed now...
My question though is with regards to direct SNMP monitoring - can you monitor via VPN tunnel?
I'm working on MSP deployment and considering turning up a VPN site to site back to a centralized MX specifically for monitoring purposes - anyone done something along these lines? Any surprises? The one thing that comes to mind is overlapping IP addresses between the sites but I understand the VPN has some kind of translation options to address this challenge? A lot of these sites will also have other site to site requirements along with remote access VPN - for my purposes of turning up a "monitoring VPN" is there anything else that comes to mind to be watchful for?
Unless all the devices are in the same organisation so you can use AutoVPN - don't do it. It is way too much hard work and too complicated.
You would be better off writing a monitoring Plugin for your existing monitoring system that uses the API or stick to using SNMP to the dashboard.
Thanks ... we were considering doing it all in one organization with the networks broken out per customer site etc ... but doing separate organizations has some benefits as well... licensing etc.
I haven't done much with AutoVPN other than tried it out and it worked - simple test 😉 I need to do some reading obviously but you're saying that AutoVPN between organizations isn't possible or at least it's painful?
Partially answering my own question from this post I just found: https://community.meraki.com/t5/Managed-Services/AutoVPN-in-an-MSP-environment/m-p/14939#M70
I need to read up on AutoVPN (or any site to site options in Meraki) to understand more. Basically the reason is so that we can actually monitor all the devices via SNMP directly (seems like better metrics are available) along with the fact we can ping to check it's actually online etc ... maybe there's a better way? Basically we need to alert and contact the customer within minutes possibly of an issue - the Meraki Dashboard won't give us this ability ...
AutoVPN between organisations is not possible. Also note that IP addressing must be unique within a single organisation using AutoVPN.
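Added example (not part of any post in this thread): a pre-flight check for the addressing constraint raised above. It flags customer sites whose subnets collide before they are placed in one AutoVPN organisation. The site names and subnets are constructed sample data, and `find_overlaps` is a hypothetical helper, not a Meraki API.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: site name -> local subnets at that site.
SITES = {
    "customer-a-hq": ["192.168.1.0/24", "10.10.0.0/16"],
    "customer-b-branch": ["192.168.1.0/24"],
    "customer-c-store": ["10.10.20.0/24", "172.16.5.0/24"],
    "customer-d-office": ["172.16.6.0/24"],
}


def find_overlaps(sites):
    """Return sorted (site_a, net_a, site_b, net_b) tuples for every pair
    of subnets at different sites that share at least one address.

    Catches containment (a /24 inside another site's /16) as well as
    exact duplicates. Raises ValueError on a CIDR with host bits set.
    """
    flat = [
        (site, ipaddress.ip_network(cidr, strict=True))
        for site, cidrs in sites.items()
        for cidr in cidrs
    ]
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(flat, 2):
        if site_a == site_b:
            continue  # only cross-site collisions matter for this check
        if net_a.version != net_b.version:
            continue  # IPv4 and IPv6 ranges cannot collide
        if net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return sorted(conflicts)


if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in find_overlaps(SITES):
        print(f"CONFLICT: {site_a} {net_a} overlaps {site_b} {net_b}")
```

Sites that appear in the output would need renumbering or address translation before monitoring traffic to them can be routed unambiguously over the tunnel.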