Meraki Community

Hank_Huang · ‎Mar 10 2020

Hi Guys,

If I management MXs on same organization.
I need create site to site VPN between this MXs.
But VPN Group A and Group B did not create VPN tunnel.
The diagram like below.

In documentation is say "If the MX is configured as a Hub, it will build VPN tunnels to all other Hub MXs in the Auto VPN domain ".
Did it's possible, do not build VPN between hubs?

Thanks.

PhilipDAth · ‎Mar 10 2020

I believe a recent beta firmware has an option for this. I think you have to open a support ticket to get this option.

Another easy option is to create VPN firewall rules to only allow what you want.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

View solution in original post

PhilipDAth · ‎Mar 10 2020

I believe a recent beta firmware has an option for this. I think you have to open a support ticket to get this option.

Another easy option is to create VPN firewall rules to only allow what you want.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

Hank_Huang · ‎Mar 11 2020

I think VPN firewall isn't bester solution on this case.
This can't solve this problem when more spoke site use same subnet.

The best way is waiting Meraki release new feature.

PhilipDAth · ‎Mar 11 2020

>This can't solve this problem when more spoke site use same subnet.

If that is the actual issue it sounds like the networks should actually be separate orgs.

Meraki Community

In site to site VPN detach hubs vpn tunnel

In site to site VPN detach hubs vpn tunnel