Limit VPN so only A-B and C-D can talk

overblower
Comes here often


Hi Team,

I have 4 MX devices in different locations.

Let’s call them A, B, C, and D.

Right now, all of them can ping each other.

But I only want communication between A-B and C-D.

That means devices in A and B should be able to ping each other, and devices in C and D should be able to ping each other.

How should I configure this?

Br
Tayfun

2 Replies

ww
Kind of a big deal

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior#:~:text....


You would need rules like:

Allow A-B (you could combine two rules AB-BA)

Allow B-A

Allow C-D

Allow D-C

Deny any


Or

Deny AB-CD

Deny CD-AB

Allow any

GIdenJoe
Kind of a big deal

Once you include the source subnets in the VPN, they will always be propagated to the other locations. However, you can use the site-to-site outbound firewall rules to filter the traffic between sites.
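The two rule sets proposed above, as an added example that is not part of either reply and not Meraki's own code. It builds both versions of the site-to-site VPN firewall rules in JSON and then simulates the top-down, first-match evaluation an MX applies to traffic entering the VPN, so you can check that each version leaves only A-B and C-D open before you paste anything into the dashboard. The four subnets are made up, the JSON field names follow the Meraki Dashboard API schema for organization VPN firewall rules as I know it (verify against the API docs), and the fall-through to a default allow is assumed from the "Deny any" at the end of the first rule set.

```python
"""Build and simulate Meraki site-to-site VPN firewall rules (added example).

Assumptions, none of which come from the thread:
  * SITES below are constructed sample subnets, one per MX;
  * rule field names follow the Dashboard API VPN firewall rule schema;
  * traffic matching no rule falls through to the default allow.
"""
import ipaddress
import json

# Constructed sample subnets for the four MX sites.
SITES = {
    "A": "10.1.0.0/16",
    "B": "10.2.0.0/16",
    "C": "10.3.0.0/16",
    "D": "10.4.0.0/16",
}


def rule(policy, src, dst, comment):
    """One VPN firewall rule in API JSON shape: any protocol, all ports."""
    return {
        "comment": comment,
        "policy": policy,                    # "allow" or "deny"
        "protocol": "any",                   # covers ICMP, so ping is included
        "srcCidr": src,                      # CIDR, comma-separated CIDRs, or "Any"
        "srcPort": "Any",
        "destCidr": dst,
        "destPort": "Any",
        "syslogEnabled": policy == "deny",   # log what gets dropped
    }


def allow_list_rules(sites):
    """First approach from the reply: explicit allows, then deny everything else."""
    a, b, c, d = (sites[k] for k in "ABCD")
    return [
        rule("allow", a, b, "A to B"),
        rule("allow", b, a, "B to A"),
        rule("allow", c, d, "C to D"),
        rule("allow", d, c, "D to C"),
        rule("deny", "Any", "Any", "Deny all other site-to-site traffic"),
    ]


def deny_list_rules(sites):
    """Second approach: deny the AB/CD crossings, rely on the default allow."""
    a, b, c, d = (sites[k] for k in "ABCD")
    ab, cd = f"{a},{b}", f"{c},{d}"
    return [
        rule("deny", ab, cd, "AB to CD"),
        rule("deny", cd, ab, "CD to AB"),
        rule("allow", "Any", "Any", "Allow remaining site-to-site traffic"),
    ]


def _matches(cidr_field, ip):
    """True if ip is inside any CIDR listed in the field; "Any" matches all."""
    if cidr_field.strip().lower() == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c.strip(), strict=False)
               for c in cidr_field.split(","))


def evaluate(rules, src_ip, dst_ip):
    """Top-down, first match wins; no match falls through to the default allow."""
    for r in rules:
        if _matches(r["srcCidr"], src_ip) and _matches(r["destCidr"], dst_ip):
            return r["policy"]
    return "allow"


def reachability(rules, sites):
    """Verdict for every ordered pair of sites, using the first host of each subnet."""
    host = {name: str(next(ipaddress.ip_network(net).hosts()))
            for name, net in sites.items()}
    return {(s, d): evaluate(rules, host[s], host[d])
            for s in sites for d in sites if s != d}


def to_api_payload(rules):
    """Request body for the (assumed) organization VPN firewall rules PUT."""
    return json.dumps({"rules": rules, "syslogDefaultRule": False}, indent=2)


if __name__ == "__main__":
    for name, build in (("allow-list", allow_list_rules), ("deny-list", deny_list_rules)):
        verdicts = reachability(build(SITES), SITES)
        print(name, {f"{s}->{d}": v for (s, d), v in verdicts.items()})
    print(to_api_payload(allow_list_rules(SITES)))
```

Both rule sets produce the same matrix, but they fail differently: the allow-list version is closed by default, so a fifth site added to the VPN later cannot reach anyone until you add a rule for it, while the deny-list version leaves that site fully reachable. These rules only filter traffic as it enters the VPN at each MX; they do not stop the subnets from being advertised to every peer, which is the point made in the reply above.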
