Multiple Site-to-Site VPN Tunnels Between the Same 2 Endpoints
I have a Site-to-Site VPN connection between 2 endpoints. Can I duplicate this same connection with different subnets on each side?
Why 3 distinct tunnels if the IP used to close the tunnel is the same on both sides? What changes is only the local subnet.
Sorry, but this configuration doesn't make sense in my opinion, since you can have a single tunnel.
Please, if this post was useful, leave your kudos and mark it as solved.
What do you want to achieve here? Is it access control? For that you build *one* VPN-connection with three subnets local and three subnets remote.
If only a subset of subnets need to communicate with each other, you control that with the org-wide-firewall that you find on the same page. But this only works for AutoVPN. If you need to control it for extranet-VPNs, you are out of luck and either don’t control the traffic into your network or move the VPN to a different device that is more capable in terms of extranet-VPNs.
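The single-tunnel design from the reply above, as an added example that is not code from the thread or from Meraki: an ordered, first-match rule list that allows corporate-to-corporate and voice-to-voice traffic across the VPN and denies any cross-class flow, plus a checker to confirm the policy before it is applied. The rule field names mirror the Dashboard API's VPN firewall rule shape (an assumption), the subnets are constructed placeholders, and only source/destination CIDRs are evaluated.

```python
"""Site-to-site VPN firewall policy for a single tunnel carrying several subnets.

Voice and corporate VLANs stay isolated across the tunnel by policy rather than
by separate tunnels. Subnets below are constructed placeholders, not the thread's.
"""
import ipaddress

CORP = ["10.10.1.0/24", "10.20.1.0/24"]   # DC corporate, branch corporate (constructed)
VOICE = ["10.10.2.0/24", "10.20.2.0/24"]  # DC voice/PBX, branch voice (constructed)


def build_rules(corp, voice):
    """Ordered rules: allow same-class traffic, deny every other VPN-to-VPN flow.

    Field names follow the Dashboard API VPN firewall rule format (assumed).
    """
    rules = []
    for label, group in (("corporate", corp), ("voice", voice)):
        rules.append({"comment": f"{label} to {label}", "policy": "allow",
                      "protocol": "any", "srcCidr": ",".join(group),
                      "destCidr": ",".join(group), "srcPort": "any", "destPort": "any"})
    all_vpn = corp + voice
    rules.append({"comment": "deny cross-class", "policy": "deny", "protocol": "any",
                  "srcCidr": ",".join(all_vpn), "destCidr": ",".join(all_vpn),
                  "srcPort": "any", "destPort": "any"})
    return rules


def _in_cidrs(addr, cidrs):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs.split(","))


def evaluate(rules, src, dst):
    """First matching rule wins; an unmatched flow falls through to a default allow
    (assumed to mirror the implicit final rule of the VPN firewall)."""
    for rule in rules:
        if _in_cidrs(src, rule["srcCidr"]) and _in_cidrs(dst, rule["destCidr"]):
            return rule["policy"]
    return "allow"


if __name__ == "__main__":
    policy = build_rules(CORP, VOICE)
    for src, dst in [("10.20.1.5", "10.10.1.9"), ("10.20.2.5", "10.10.1.9")]:
        print(f"{src} -> {dst}: {evaluate(policy, src, dst)}")
```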
Thank you for your responses. I also appreciate your opinions as well. Allow me to break this down more.
I have a data center. In this data center, I have a server cluster. This server cluster is behind a Meraki MX that serves as the cluster's gateway to the internet and VPN concentrator for "branch" locations to access via site-to-site VPN connections.
My "branch" locations have 2 VLAN segregated subnets, one for their corporate network and another for their voice network. These VLANs are configured to not route between each other (no inter-vlan routing).
In my data center cluster, I have 2 VLAN segregated subnets; one for their corporate resources and another for their voice resources (PBX). These VLANs are configured to not route between each other (no inter-vlan routing).
I want to create 2 different tunnels. One to keep voice related traffic specific to the voice networks between sites and the other for corporate related traffic specific to corporate related networks between sites. I don't want to intermingle that traffic on 1 tunnel.
The diagram below is a bit more descriptive.
The 3rd MGMT tunnel is not a requirement. It was added for visual context of more than 2 tunnels with the same site-to-site endpoints.
This still doesn't make sense, it would be much easier and more practical to create a single tunnel and restrict it via firewall rules.
This will not bring you any benefit.
Please, if this post was useful, leave your kudos and mark it as solved.
Regardless of it making sense or whether there is benefit in it, is it possible?
Yes, theoretically it is.
Please, if this post was useful, leave your kudos and mark it as solved.
No.
Meraki will only allow you to have a single active SA with a remote VPN head end.
I'm not sure I understand what you mean. Site-to-site VPN connections, inherently, don't have a head-end. Can you elaborate on what you're referring to?
Also Meraki does not support VRFs to keep the routing spaces separate.
Can you elaborate on this as well? VRFs, to my understanding, are related more to VLAN configurations than VPN connections. How does this apply to my request?
