Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX-65 designate ports to not use auto VPN?

Solved
ry8s
Conversationalist
‎Oct 17 2022 11:36 AM
‎Oct 17 2022 11:36 AM

MX-65 designate ports to not use auto VPN?

Hello,

 

We have an MX-65 that we want site-to-site VPN only for a few ports.  When you configure site-to-site VPN, is that all or nothing?

 

Thank you

Labels:
0 Kudos
Subscribe
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Oct 17 2022 12:09 PM
‎Oct 17 2022 12:09 PM

You can create another vlan. Dont make it part of the vpn. Assign that vlan as access vlan to the ports you dont want to use vpn.

View solution in original post

0 Kudos
Subscribe
6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 17 2022 11:49 AM
‎Oct 17 2022 11:49 AM

You can create a L3 firewall rules on VPN.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
ww
Kind of a big deal
Kind of a big deal
‎Oct 17 2022 12:09 PM
‎Oct 17 2022 12:09 PM

You can create another vlan. Dont make it part of the vpn. Assign that vlan as access vlan to the ports you dont want to use vpn.

0 Kudos
Subscribe
In response to ww
ry8s
Conversationalist
‎Oct 17 2022 1:39 PM
‎Oct 17 2022 1:39 PM

Something like this is what I assumed we could do - thanks!

0 Kudos
Subscribe
In response to ry8s
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 17 2022 1:48 PM
‎Oct 17 2022 1:48 PM

So you are talking about physical ports, I thought that you were talking about logical ports like (80, 443, etc).

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
ry8s
Conversationalist
‎Oct 17 2022 1:49 PM
‎Oct 17 2022 1:49 PM

Sorry I should have clarified, yes - physical ports.

0 Kudos
Subscribe
In response to ww
ry8s
Conversationalist
‎Oct 18 2022 8:04 AM
‎Oct 18 2022 8:04 AM

Follow-up question if you happen to know, if we have a 250mbps connection at the main office, and the MX65 can handle a VPN connection of 100mbps, I assume even if we don't have the VPN on certain physical ports, the base connection is still at that 100mbps?  Would ports not on the VPN get that 250mbps speed?

We're just trying to map out what's possible right now

Thanks in advance!

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.