Any way to disable specific Networks in Site-to-Site VPN?

Solved
Eric_OKC
Conversationalist

Why is there not a checkbox next to the "Remote VPN Participants" when Site-to-Site VPN is enabled?

I absolutely do NOT want to mix certain networks, or establish VPN Tunnels between them.

Example:

I have two existing sites with MX64s that use auto-mesh and work extremely well.

I need to add two more sites that do, A: automesh between themselves, but absolutely do NOT establish a VPN connection to my original two networks, and B: have a VPN tunnel to a 3rd party network.

The LAN subnet that is at the 3rd party network conflicts with the subnet for my original network, which is why I need this second set of MX64s to be completely separate.

It would seem that simple "disable" check boxes would be a perfect solution for this (or simply not automatically adding ALL networks to my Remote VPN Participants table).

As is, (correct me if I'm wrong) I would have to create a 2nd Meraki dashboard login, and operate this site as a 2nd "company" to separate these two networks from my original two networks, correct?

1 Accepted Solution
PhilipDAth
Kind of a big deal

You can have multiple organisations under a single login. You just switch between them. No need to logout and back in again.

Just use the same email address for both Organisations.

PhilipDAth
Kind of a big deal

You are not going to be able to do that in a single Meraki organisation. Meraki requires all the subnets in any network that have VPN enabled to be unique across the entire Organisation.

Even if you could deselect a site it would violate the unique subnet restriction.

I have deployed a large number of Meraki networks and these restrictions speed up deployments incredibly, but mean you can't handle the small number of special cases like this.

If it was me, I would put in a little ASA 5506 beside the MX at the special site to handle this case.
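
The unique-subnet restriction described in the reply above can be checked offline before sites are assigned to organisations. This is an added example, not part of the original thread and not Meraki code; the participant names, subnets, organisation names and the `check_plan` helper are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: participant names and subnets are illustrative only.
VPN_SUBNETS = {
    "original-site-1": ["192.168.1.0/24"],
    "original-site-2": ["192.168.2.0/24"],
    "new-site-1": ["10.10.1.0/24"],
    "new-site-2": ["10.10.2.0/24"],
    "third-party-peer": ["192.168.1.128/25"],  # collides with original-site-1
}

def find_conflicts(members, subnets=VPN_SUBNETS):
    """Return (a, b, subnet_a, subnet_b) for every overlapping pair of subnets
    that belong to two different participants in `members`."""
    parsed = {m: [ipaddress.ip_network(c) for c in subnets[m]] for m in members}
    conflicts = []
    for a, b in combinations(sorted(parsed), 2):
        for net_a in parsed[a]:
            for net_b in parsed[b]:
                # overlaps() also catches containment (a /25 inside a /24)
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    conflicts.append((a, b, str(net_a), str(net_b)))
    return conflicts

def check_plan(plan, subnets=VPN_SUBNETS):
    """plan maps a (hypothetical) organisation name to its VPN participants.
    Returns {organisation: [conflicts]} for organisations that have any."""
    report = {}
    for org, members in plan.items():
        conflicts = find_conflicts(members, subnets)
        if conflicts:
            report[org] = conflicts
    return report

# Everything in one organisation versus the two-organisation split.
SINGLE_ORG = {"org-all": list(VPN_SUBNETS)}
TWO_ORGS = {
    "org-original": ["original-site-1", "original-site-2"],
    "org-isolated": ["new-site-1", "new-site-2", "third-party-peer"],
}

if __name__ == "__main__":
    for name, plan in (("single organisation", SINGLE_ORG),
                       ("two organisations", TWO_ORGS)):
        print(name, "->", check_plan(plan) or "no overlapping subnets")
```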

PhilipDAth
Kind of a big deal

Actually, the easy solution to your problem would be to split your setup into two organizations. 

Eric_OKC
Conversationalist

That's what I was afraid of...

Seems pretty lame when you consider Ubiquiti will allow you to operate multiple "organizations" under the same admin login, which would be ideal in this case...

Now I can only monitor one Meraki network at a time (login, logout, login, logout)... unless I keep two separate browsers open (Chrome / Firefox)... and I'm guessing I'll need to create a new email address to create the new login as well...

😕

PhilipDAth
Kind of a big deal

You can have multiple organisations under a single login. You just switch between them. No need to logout and back in again.

Just use the same email address for both Organisations.

Eric_OKC
Conversationalist

Just saw your reply.  Thanks for the info... This solved my problem.

Thanks for your help!

Eric_OKC
Conversationalist

So, I managed to find the right question to ask Google:

Can I have multiple organizations under the same dashboard login?

The answer is YES.

This is a very acceptable solution to my problem, and honestly will let me set it up just about how I wanted in the first place.

I logged out and created a new dashboard login. As soon as I typed in the SAME email address, it prompted me to input my password and new Company name, so it could merge it into the existing login/dashboard.

There is also a monitoring page for all organizations.

For those finding this thread... More on the MSP Portal here:

https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Using_the_MSP_Po...
