MX and Umbrella SIG IPSec Tunnel

Aousien
Here to help


Meraki SD-WAN Hub and Spokes (200 spokes). The customer needs a SIG tunnel from each spoke to Umbrella, and no, we cannot use Secure Connect, so we have to do it old school.

The question is: can I create a single non-Meraki IPSec tunnel to cover all my Meraki spoke sites, or do I need a separate tunnel for each site (so 200 NMVPN) and use a tag for each network/tunnel?


Thanks.

6 Replies
alemabrahao
Kind of a big deal

The documentation suggests that you should configure a tunnel and use Tags with separated tunnels.

https://documentation.meraki.com/MX/Site-to-site_VPN/MX_and_Umbrella_SIG_IPSec_Tunnel

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Aousien
Here to help

Where in the document you shared does it say Tags with separated tunnels? I cannot see that; it says use tag, and that tag can be one tag assigned to 100 networks, as I am reading it.

PhilipDAth
Kind of a big deal

You need a separate tunnel for each site.

Aousien
Here to help

So for 250 sites, you will create and configure 250 NMVPN peers and use tags to assign each tunnel to a site? Or can you configure a single NMVPN tunnel that can be used by all sites?

I know each site will build a tunnel, but from a config perspective, 1 VMVPN tunnel or 250? Thanks.

PhilipDAth
Kind of a big deal

You should be able to define a single tunnel on the Meraki side (it will automatically get applied to all 250 sites). I expect you'll need to configure 250 tunnels on the Umbrella side.

I'm not familiar with NMVPN or VMVPN. Maybe DMVPN? Meraki doesn't support that.
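Added example, not from the thread or from Meraki: a small Python model of the answer above, showing how one non-Meraki VPN peer on the dashboard side is applied to networks by tag ("all" versus a specific tag), and how that single peer still fans out to one tunnel entry per spoke on the Umbrella side. Field names mirror the Meraki Dashboard API's thirdPartyVPNPeers object; the spoke inventory, IPs, the 0.0.0.0/0 subnet and the per-spoke WAN-IP keying on the Umbrella side are assumptions.

```python
from typing import Dict, List

# Hypothetical Umbrella SIG peer, defined once under Site-to-site VPN >
# Non-Meraki VPN peers. networkTags ["all"] applies it to every network.
UMBRELLA_PEER = {
    "name": "Umbrella-SIG",
    "publicIp": "203.0.113.10",        # placeholder Umbrella head-end IP
    "privateSubnets": ["0.0.0.0/0"],   # assumption: send everything into SIG
    "secret": "<PRE-SHARED-KEY>",      # placeholder; never hard-code a real PSK
    "networkTags": ["all"],
}

# Constructed spoke inventory: each network has its own tags and WAN IP.
SPOKES = [
    {"name": "Spoke-001", "tags": ["spoke", "sig"], "wanIp": "198.51.100.1"},
    {"name": "Spoke-002", "tags": ["spoke", "sig"], "wanIp": "198.51.100.2"},
    {"name": "Hub",       "tags": ["hub"],          "wanIp": "198.51.100.254"},
]


def peer_applies(peer: Dict, network: Dict) -> bool:
    """A non-Meraki peer applies to a network when its tag list contains
    'all' or shares at least one tag with the network's own tags."""
    tags = peer["networkTags"]
    return "all" in tags or bool(set(tags) & set(network["tags"]))


def networks_using_peer(peer: Dict, networks: List[Dict]) -> List[str]:
    """Names of the networks that will build this peer's tunnel."""
    return [n["name"] for n in networks if peer_applies(peer, n)]


def umbrella_tunnels(peer: Dict, networks: List[Dict]) -> List[Dict]:
    """One Meraki-side peer entry still means one Umbrella-side tunnel per
    spoke, since each MX negotiates from its own WAN IP (assumption)."""
    return [
        {"tunnelName": f"{n['name']}-to-{peer['name']}", "deviceIp": n["wanIp"]}
        for n in networks
        if peer_applies(peer, n)
    ]


if __name__ == "__main__":
    # With "all" the hub is included too; a "sig" tag scopes it to spokes only.
    scoped = dict(UMBRELLA_PEER, networkTags=["sig"])
    print(networks_using_peer(UMBRELLA_PEER, SPOKES))
    print(networks_using_peer(scoped, SPOKES))
    print(len(umbrella_tunnels(scoped, SPOKES)), "tunnels needed on Umbrella")
```

Swapping networkTags from ["all"] to a specific tag is what keeps the hub (or any untagged site) out of the SIG tunnel without defining a second peer.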

PhilipDAth
Kind of a big deal

You could consider putting a vMX into Amazon AWS or Azure, using AutoVPN to build all your VPNs automatically to there, and then creating a single tunnel from AWS/Azure to Umbrella SIG.
