cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Any way to disable specific Networks in Site-to-Site VPN?

SOLVED
Highlighted
Conversationalist

Any way to disable specific Networks in Site-to-Site VPN?

Why is there not a checkbox next to the "Remote VPN Participants" when Site-to-Site VPN is enabled?

 

I absolutely do NOT want to mix certain networks, or establish VPN Tunnels between them. 

 

Example: 

I have two existing sites with MX64's that use auto-mesh and work extremely well. 

 

I need to add two more sites that do, A: automesh between themselves, but absolutely do NOT establish a VPN connection to my original two networks, and B: have a VPN tunnel to a 3rd party network.

 

The LAN subnet that is at the 3rd party network conflicts with the subnet for my original network, which is why I need this second set of MX64's to be completely separate.

 

It would seem that simple "disable" check boxes would be a perfect solution for this (or simply not automatically adding ALL networks to my Remote VPN Participants table).

As is, (correct me if i'm wrong) I would have to create a 2nd Meraki dashboard login, and operate this site as a 2nd "company" to separate these two networks from my original two networks, correct?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Any way to disable specific Networks in Site-to-Site VPN?

You can have multiple organisations under a single login.  You just switch between them.  No need to logout and back in again.

 

Just use the same email address for both Organisations.

View solution in original post

6 REPLIES 6
Highlighted
Kind of a big deal

Re: Any way to disable specific Networks in Site-to-Site VPN?

You are not going to be able to do that in a single Meraki organisation.  Meraki requires all the subnets in any network that have VPN enabled to be unique across the entire Organisation.

 

Even if you  could deselect a site it would violate the unique subnet restriction.

 

 

I have deployed a large number of Meraki networks and these restrictions speed up deployments incredibly, but mean you can't handle the small number of special cases like this.

 

If it was me, I would put in a little ASA 5506 beside the MX at the special site to handle this case.

Highlighted
Kind of a big deal

Re: Any way to disable specific Networks in Site-to-Site VPN?

Actually, the easy solution to your problem would be to split your setup into two organizations. 

Highlighted
Conversationalist

Re: Any way to disable specific Networks in Site-to-Site VPN?

Thats what I was afraid of... 

 

Seems pretty lame when you consider Ubiquity will allow you to operate multiple "organizations" under the same admin login, which would be ideal in this case...

 

Now I can only monitor one Meraki network at a time (login, logout, login, logout)... unless I keep two separate browsers open (chrome / firefox)... and I'm guessing i'll need to create a new email address to create the new login as well... 

😕

Highlighted
Kind of a big deal

Re: Any way to disable specific Networks in Site-to-Site VPN?

You can have multiple organisations under a single login.  You just switch between them.  No need to logout and back in again.

 

Just use the same email address for both Organisations.

View solution in original post

Highlighted
Conversationalist

Re: Any way to disable specific Networks in Site-to-Site VPN?

Just saw your reply.  Thanks for the info... This solved my problem.

Thanks for your help!

 

Highlighted
Conversationalist

Re: Any way to disable specific Networks in Site-to-Site VPN?

So, I managed to find the right question to ask google:

 

Can i have multiple organizations under the same dashboard login.  

 

The answer is YES.

 

This is a very acceptable solution to my problem, and honestly will let me set it up just about how I wanted in the first place.  

 

I logged out and created a new dashboard login.  As soon as I typed in the SAME email address, it prompted me to input my password and new Company name, so it could merge it into the existing login/dashboard.

There is also a monitoring page for all organizations.

 

For those finding this thread....  More on the MSP Portal here:

https://documentation.meraki.com/zGeneral_Administration/Organizations_and_Networks/Using_the_MSP_Po...

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.