
In site to site VPN detach hubs vpn tunnel

SOLVED

Hi Guys,

I manage MXs in the same organization.
I need to create a site-to-site VPN between these MXs.
But VPN Group A and Group B did not create a VPN tunnel.
The diagram is like below.

Hank_Huang_1-1583826152591.png

 

 

The documentation says "If the MX is configured as a Hub, it will build VPN tunnels to all other Hub MXs in the Auto VPN domain".
Is it possible to not build VPN tunnels between hubs?

 

Thanks.

1 ACCEPTED SOLUTION


Re: In site to site VPN detach hubs vpn tunnel

I believe a recent beta firmware has an option for this.  I think you have to open a support ticket to get this option.

 

Another easy option is to create VPN firewall rules to only allow what you want.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior 


3 REPLIES 3

Re: In site to site VPN detach hubs vpn tunnel

I think the VPN firewall isn't the best solution in this case.
It can't solve this problem when more spoke sites use the same subnet.


The best way is to wait for Meraki to release a new feature.


Re: In site to site VPN detach hubs vpn tunnel

>This can't solve this problem when more spoke sites use the same subnet.

 

If that is the actual issue it sounds like the networks should actually be separate orgs.
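
An added example, not part of the thread or Meraki's own code: one way to generate the site-to-site VPN firewall rules suggested in the accepted solution, with a check for the overlapping-subnet case raised in the replies. The subnets are constructed, and the rule field names assume the Dashboard API's organization VPN firewall rule object. The hub-to-hub tunnels still form; the rules only drop traffic between the two groups.

```python
import ipaddress
from itertools import product

# Constructed sample subnets; the thread does not list the real ones.
GROUP_A = ["10.10.0.0/16", "10.11.1.0/24"]
GROUP_B = ["10.20.0.0/16", "10.21.1.0/24"]


def find_overlaps(group_a, group_b):
    """Return (a, b) pairs whose address ranges overlap across the groups."""
    nets_a = [ipaddress.ip_network(n) for n in group_a]
    nets_b = [ipaddress.ip_network(n) for n in group_b]
    return [(str(a), str(b)) for a, b in product(nets_a, nets_b) if a.overlaps(b)]


def build_isolation_rules(group_a, group_b):
    """Build deny rules blocking A<->B traffic over the VPN in both directions.

    Raises ValueError when address space is shared between the groups,
    because a CIDR-based rule cannot tell the two sites apart in that case.
    """
    overlaps = find_overlaps(group_a, group_b)
    if overlaps:
        raise ValueError(f"subnets overlap across groups: {overlaps}")
    rules = []
    for label, src, dst in (("A->B", group_a, group_b), ("B->A", group_b, group_a)):
        rules.append({
            "comment": f"Isolate VPN groups {label}",
            "policy": "deny",
            "protocol": "any",
            "srcPort": "Any",
            "srcCidr": ",".join(src),   # comma-separated CIDR list
            "destPort": "Any",
            "destCidr": ",".join(dst),
            "syslogEnabled": False,
        })
    return {"rules": rules}


if __name__ == "__main__":
    import json
    # Print the payload for review before applying it in the dashboard or API.
    print(json.dumps(build_isolation_rules(GROUP_A, GROUP_B), indent=2))
```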
