Why is there not a checkbox next to the "Remote VPN Participants" when Site-to-Site VPN is enabled?
I absolutely do NOT want to mix certain networks, or establish VPN Tunnels between them.
I have two existing sites with MX64's that use auto-mesh and work extremely well.
I need to add two more sites that do, A: automesh between themselves, but absolutely do NOT establish a VPN connection to my original two networks, and B: have a VPN tunnel to a 3rd party network.
The LAN subnet that is at the 3rd party network conflicts with the subnet for my original network, which is why I need this second set of MX64's to be completely separate.
It would seem that simple "disable" check boxes would be a perfect solution for this (or simply not automatically adding ALL networks to my Remote VPN Participants table).
As is, (correct me if i'm wrong) I would have to create a 2nd Meraki dashboard login, and operate this site as a 2nd "company" to separate these two networks from my original two networks, correct?
Solved! Go to Solution.
You are not going to be able to do that in a single Meraki organisation. Meraki requires all the subnets in any network that have VPN enabled to be unique across the entire Organisation.
Even if you could deselect a site it would violate the unique subnet restriction.
I have deployed a large number of Meraki networks and these restrictions speed up deployments incredibly, but mean you can't handle the small number of special cases like this.
If it was me, I would put in a little ASA 5506 beside the MX at the special site to handle this case.
Actually, the easy solution to your problem would be to split your setup into two organizations.
Thats what I was afraid of...
Seems pretty lame when you consider Ubiquity will allow you to operate multiple "organizations" under the same admin login, which would be ideal in this case...
Now I can only monitor one Meraki network at a time (login, logout, login, logout)... unless I keep two separate browsers open (chrome / firefox)... and I'm guessing i'll need to create a new email address to create the new login as well...
So, I managed to find the right question to ask google:
Can i have multiple organizations under the same dashboard login.
The answer is YES.
This is a very acceptable solution to my problem, and honestly will let me set it up just about how I wanted in the first place.
I logged out and created a new dashboard login. As soon as I typed in the SAME email address, it prompted me to input my password and new Company name, so it could merge it into the existing login/dashboard.
There is also a monitoring page for all organizations.
For those finding this thread.... More on the MSP Portal here: