I am setting up a Meraki network for 3 locations, soon to be expanded to 6 or 7.
My experience is with Cisco ASA and Aruba/Procurve networking, so this is a new world for me.
I have set up a template for the 3 locations that we want to implement straight away, and most of the setup is pretty straightforward, but I cannot wrap my head around the client VPN routing.
We have 8 standard VLANs for all our sites, 7 of which are included in the VPN. 1 is a guest network, so that is set as "Same"; the 7 others are "Unique" in the template.
Client VPN is a template setting and not a per-device setting, so the client VPN subnet is obviously shared on all sites.
I need the Client VPN connected users to be able to access resources on all 3 locations. I found the setting to include the Client VPN subnet in the VPN - but how on earth will that work, when the Client VPN Subnet is the same on all 3 sites?
Is the traffic NAT'ed in some way on the MX? If not, does the site-to-site VPN keep track of where to send the traffic from and to a Client VPN-connected device?
To make this extra fun, only the site I am on has the Meraki setup yet. The two other sites have ASA devices. The L2L VPN to these devices is set up and works flawlessly, but I cannot set up the client VPN properly when I don't understand how it works.
That was pretty much what I came to as well. Does that mean I have to build separate configurations altogether (wifi, switch, security) for all sites? I cannot see any way to exclude just certain parts of the configuration, e.g. client VPN, from the template. So to me it seems like I have to choose between using templates at all, or have unique subnets on the Client VPN per device. But I may be missing something obvious.