Controlling subnets and non-Meraki VPNs.

Solved
rsage_voda

I have an organization with some 20 sites. All sites partake in the auto-auto site-to-site VPN for their Corporate subnets. I also have two non-Meraki VPNs, one to Azure and one to a specialist 3rd Party from a single site. The Corporate subnets need to access Azure.

I have a standalone subnet that is used to communicate with the specialist 3rd Party VPN.

Sporadically the 3rd Party is reporting that they are seeing traffic coming from one of the Corporate subnets, of which there are 5 enabled for VPN.

Raised a case with Meraki and their advice was to disable the VPN, which isn't an option.

Are VPN Outbound FW rules the only way to control what traffic goes down what VPN?

1 Accepted Solution
alemabrahao

VPN has some limitations, but other options would be you can tag VPN subnets and selectively enable them for VPN participation.
On the non-Meraki VPN peer configuration, you can define which local subnets are advertised and which remote subnets are reachable.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth

You can tag a network to be included in a VPN, but you can't tag individual subnets.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#IPsec_VPN_Peers
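An added example, not part of any post in this thread and not Meraki code: an offline audit of an ordered VPN outbound firewall rule list that reports which VPN-enabled subnets can still reach the 3rd-party peer's remote subnet when only the standalone subnet should. The addresses, subnet names, rule dictionary shape and the first-match, default-allow evaluation are assumptions made for the sketch; ports and protocols are ignored.

```python
import ipaddress

# Constructed sample data (RFC 1918 placeholders, not taken from the thread).
VPN_ENABLED_SUBNETS = {
    "corp-1": "10.10.1.0/24",
    "corp-2": "10.10.2.0/24",
    "standalone": "10.99.0.0/24",
}
THIRD_PARTY_REMOTE = "172.16.50.0/24"  # subnet behind the 3rd-party peer
ALLOWED_SOURCES = {"standalone"}       # only this subnet should reach it

# Ordered outbound VPN firewall rules; first match wins (assumed model).
RULES = [
    {"policy": "allow", "src": "10.99.0.0/24", "dst": "172.16.50.0/24"},
    {"policy": "deny", "src": "10.10.1.0/24", "dst": "172.16.50.0/24"},
    {"policy": "allow", "src": "any", "dst": "any"},  # trailing default allow
]

def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def may_reach(rules, src, dst):
    """Conservative check: True if any traffic from src to dst may pass."""
    s, d = _net(src), _net(dst)
    for rule in rules:
        rs, rd = _net(rule["src"]), _net(rule["dst"])
        if not (s.overlaps(rs) and d.overlaps(rd)):
            continue
        if rule["policy"] == "allow":
            return True   # at least part of the flow space is permitted
        if s.subnet_of(rs) and d.subnet_of(rd):
            return False  # this deny covers the whole flow space
        # Partial deny: the uncovered remainder falls through to later rules.
    return True           # assumption: unmatched traffic is allowed

def leaking_subnets(rules, subnets, remote, allowed):
    """Names of VPN-enabled subnets that can reach `remote` but should not."""
    return sorted(
        name for name, cidr in subnets.items()
        if name not in allowed and may_reach(rules, cidr, remote)
    )

def blocked_required(rules, subnets, remote, allowed):
    """Names of subnets that must reach `remote` but are fully denied."""
    return sorted(n for n in allowed if not may_reach(rules, subnets[n], remote))

if __name__ == "__main__":
    print("leaking:", leaking_subnets(RULES, VPN_ENABLED_SUBNETS, THIRD_PARTY_REMOTE, ALLOWED_SOURCES))
    print("blocked:", blocked_required(RULES, VPN_ENABLED_SUBNETS, THIRD_PARTY_REMOTE, ALLOWED_SOURCES))
```

With the sample rules, `corp-2` is reported because nothing denies it before the trailing allow; a deny for the whole corporate range placed ahead of that rule clears the finding.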
