cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN Hubs connecting automatically

SOLVED
Highlighted
Conversationalist

VPN Hubs connecting automatically

Our organization is using MX firewalls in a mixed environment with ASA and others.  When we enable VPN to establish a non meraki peer tunnel the meraki devices connect to each other.  I am wondering if there is a way to disable this feature.  In speaking with support it was suggested to create organizations for each network, but this would make management much more difficult.  Does anyone know how to stop MX devices from automatically establishing vpn connectivity to one another?

1 ACCEPTED SOLUTION

Accepted Solutions
Building a reputation

Re: VPN Hubs connecting automatically

I think it rather has to do with the fact that the Meraki MX is not the hub site but rather a spoke.  But in the VPN config you need to at least enable one MX as a hub and let every other MX connect to at least one hub.  So you're forced to have that extra VPN connection even though you don't have the intention of using it.

So it's rather an architectural issue because you can't really enable autoVPN unless support has a way to do this?

10 REPLIES 10
Kind of a big deal

Re: VPN Hubs connecting automatically

Is this not what you are looking for?

 

S2S VPN Off.jpg

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Kind of a big deal

Re: VPN Hubs connecting automatically


@Uberseehandel wrote:

Is this not what you are looking for?

 

S2S VPN Off.jpg


What's the (disabled)? Is that just part of the name of the network?

Kind of a big deal

Re: VPN Hubs connecting automatically

(disabled)

 

definitely not part of the name

 

From the other end of the S2S link

 

S2S VPN Spoke.jpg

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Building a reputation

Re: VPN Hubs connecting automatically

I think it rather has to do with the fact that the Meraki MX is not the hub site but rather a spoke.  But in the VPN config you need to at least enable one MX as a hub and let every other MX connect to at least one hub.  So you're forced to have that extra VPN connection even though you don't have the intention of using it.

So it's rather an architectural issue because you can't really enable autoVPN unless support has a way to do this?

Conversationalist

Re: VPN Hubs connecting automatically

Thanks Joe.  That is the way I have configured now.  I have one office which they actually benefit from connecting to as there is a domain controller  on prem so it is actually providing some additional AD replication.

 

Thanks for your help and taking the time to reply.

Here to help

Re: VPN Hubs connecting automatically

The way to do this would be to go out to your edge MX´s and configure them as spokes, when you have selected spoke you scroll down the same page to Org.wide setting where you will find the NON-Meraki VPN peer. Here you can add the VPN hubs or concentrators needed. Since the MX have no Meraki VPN hub that promotes VLANS it should not connect to each other either.

Kind of a big deal

Re: VPN Hubs connecting automatically


@Kenneth wrote:

The way to do this would be to go out to your edge MX´s and configure them as spokes, when you have selected spoke you scroll down the same page to Org.wide setting where you will find the NON-Meraki VPN peer. Here you can add the VPN hubs or concentrators needed. Since the MX have no Meraki VPN hub that promotes VLANS it should not connect to each other either.


As @GIdenJoe correctly states, you're obliged to select at least one hub. So you can't set all as spoke.

Building a reputation

Re: VPN Hubs connecting automatically

@Kenneth , I haven't seen the possibility to do that.  When configuring as spoke you need to define a hub of it doesn't take the config.

Conversationalist

Re: VPN Hubs connecting automatically

Thanks I realize that.  I was asking if there were a way to disable other than moving the network to another org which was tier 1's solution.

Conversationalist

Re: VPN Hubs connecting automatically

Thanks,  I have it configured in this manner now.  I appreciate the help.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.