Specific VLAN Ignore Default Non-Meraki VPN Peer

HE1
Comes here often


Hi,

So we have two IPsec tunnels that are set up, one for Azure, one for Umbrella. Umbrella is set up as the 0.0.0.0/0 default route.

We want all our VLANs except for one to go to Umbrella. How do we go about excluding this one VLAN from defaulting to Umbrella?

We still want the VLAN we exclude to have the Azure access, so it needs VPN to be enabled.

2 Replies
Mloraditch
Head in the Cloud

Meraki does not support this. VLANs/Static Routes on MXs are only enabled for all VPNs or none. You would need another appliance (MX in a different org, Firepower, 3rd party) to do this sort of VPN.

PhilipDAth
Kind of a big deal

You could consider using Secure Connect licensing (which includes Umbrella). You might also be able to do this with Umbrella SIG as well.

[Untested] You could then build a site-to-site VPN from Umbrella to Azure. Umbrella would then be responsible for your routing.

Jump down to "Site Interconnect" in this document. On the right-hand side you can see that you can add IPSec connections from Umbrella to DCs.

https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco_Secure_Connect_-_Solution_Design_Overv...

 

There is some more info about using IPSec with Umbrella here:

https://docs.umbrella.com/umbrella-user-guide/docs/tunnels

 

 
