Meraki

Community

Any way to disable specific Networks in Site-to-Site VPN?

Solved
Eric_OKC
Conversationalist
‎Nov 19 2018 9:14 AM
‎Nov 19 2018 9:14 AM

Any way to disable specific Networks in Site-to-Site VPN?

Why is there not a checkbox next to the "Remote VPN Participants" when Site-to-Site VPN is enabled?

 

I absolutely do NOT want to mix certain networks, or establish VPN Tunnels between them. 

 

Example: 

I have two existing sites with MX64's that use auto-mesh and work extremely well. 

 

I need to add two more sites that do, A: automesh between themselves, but absolutely do NOT establish a VPN connection to my original two networks, and B: have a VPN tunnel to a 3rd party network.

 

The LAN subnet that is at the 3rd party network conflicts with the subnet for my original network, which is why I need this second set of MX64's to be completely separate.

 

It would seem that simple "disable" check boxes would be a perfect solution for this (or simply not automatically adding ALL networks to my Remote VPN Participants table).

As is, (correct me if i'm wrong) I would have to create a 2nd Meraki dashboard login, and operate this site as a 2nd "company" to separate these two networks from my original two networks, correct?

0 Kudos
1 Accepted Solution
In response to Eric_OKC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 19 2018 1:50 PM
‎Nov 19 2018 1:50 PM

You can have multiple organisations under a single login.  You just switch between them.  No need to logout and back in again.

 

Just use the same email address for both Organisations.

View solution in original post

6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 19 2018 10:36 AM
‎Nov 19 2018 10:36 AM

You are not going to be able to do that in a single Meraki organisation.  Meraki requires all the subnets in any network that have VPN enabled to be unique across the entire Organisation.

 

Even if you  could deselect a site it would violate the unique subnet restriction.

 

 

I have deployed a large number of Meraki networks and these restrictions speed up deployments incredibly, but mean you can't handle the small number of special cases like this.

 

If it was me, I would put in a little ASA 5506 beside the MX at the special site to handle this case.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 19 2018 10:37 AM
‎Nov 19 2018 10:37 AM

Actually, the easy solution to your problem would be to split your setup into two organizations. 

0 Kudos
In response to PhilipDAth
Eric_OKC
Conversationalist
‎Nov 19 2018 1:46 PM
‎Nov 19 2018 1:46 PM

Thats what I was afraid of... 

 

Seems pretty lame when you consider Ubiquity will allow you to operate multiple "organizations" under the same admin login, which would be ideal in this case...

 

Now I can only monitor one Meraki network at a time (login, logout, login, logout)... unless I keep two separate browsers open (chrome / firefox)... and I'm guessing i'll need to create a new email address to create the new login as well... 

😕

0 Kudos
In response to Eric_OKC
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 19 2018 1:50 PM
‎Nov 19 2018 1:50 PM

You can have multiple organisations under a single login.  You just switch between them.  No need to logout and back in again.

 

Just use the same email address for both Organisations.

In response to PhilipDAth
Eric_OKC
Conversationalist
‎Nov 19 2018 2:08 PM
‎Nov 19 2018 2:08 PM

Just saw your reply.  Thanks for the info... This solved my problem.

Thanks for your help!

 

0 Kudos
In response to Eric_OKC
Eric_OKC
Conversationalist
‎Nov 19 2018 2:06 PM
‎Nov 19 2018 2:06 PM

So, I managed to find the right question to ask google:

 

Can i have multiple organizations under the same dashboard login.  

 

The answer is YES.

 

This is a very acceptable solution to my problem, and honestly will let me set it up just about how I wanted in the first place.  

 

I logged out and created a new dashboard login.  As soon as I typed in the SAME email address, it prompted me to input my password and new Company name, so it could merge it into the existing login/dashboard.

There is also a monitoring page for all organizations.

 

For those finding this thread....  More on the MSP Portal here:

https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Using_the_MSP_Po...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.