Hello,
We have an MX-65 that we want site-to-site VPN only for a few ports. When you configure site-to-site VPN, is that all or nothing?
Thank you
Solved! Go to solution.
You can create another vlan. Dont make it part of the vpn. Assign that vlan as access vlan to the ports you dont want to use vpn.
You can create a L3 firewall rules on VPN.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior
You can create another vlan. Dont make it part of the vpn. Assign that vlan as access vlan to the ports you dont want to use vpn.
Something like this is what I assumed we could do - thanks!
So you are talking about physical ports, I thought that you were talking about logical ports like (80, 443, etc).
Sorry I should have clarified, yes - physical ports.
Follow-up question if you happen to know, if we have a 250mbps connection at the main office, and the MX65 can handle a VPN connection of 100mbps, I assume even if we don't have the VPN on certain physical ports, the base connection is still at that 100mbps? Would ports not on the VPN get that 250mbps speed?
We're just trying to map out what's possible right now
Thanks in advance!