Hi,
I have to configure a Site-to-Site VPN tunnel between a Meraki MX and a non-Meraki VPN peer...
On the MX there are a bunch of IP subnets configured locally, but I only want to use one of them as the local subnet to communicate with the remote side! How can this be achieved? Because if my understanding is correct, by default all subnets org-wide are used, or am I wrong?
Hi @whistleblower That is unfortunately a downside of the MXs. You could use the site-to-site firewall rules to restrict comms. I can't remember if it's org-wide or just network-wide for the subnets piece.
OK, thanks for the clarification!
I'd like to ask one more question regarding that topic... I always thought that in Phase 2 of a Site-to-Site VPN connection the parameters like the local and remote IP subnets have to match on both VPN peers that should form the tunnel?! How does the Meraki MX know which local IP subnet the remote-site VPN peer will need to know, or is the MX sending all "enabled" VPN networks in Phase 2 for an SA? If so, isn't this a potential security issue when peering with non-Meraki VPN peers?