https://documentation.meraki.com/MX/Site-to-site_VPN/IKEv1_and_IKEv2_for_non-Meraki_VPN_Peers_Compared#IKEv2 It's not that there can only be one subnet, it's that both sides need to be able to support building a single IPsec tunnel that encompasses each source and destination. The upside is that this scales a lot better, and is far easier to troubleshoot. The downside is, some vendors have been having to play catchup to the IKEv2 standard, and still impose the "one pair per IPsec tunnel" rule that existed in IKEv1. Last I heard, ASA was working on a new release that should resolve this, but I don't have any more info on what that looks like, or if it's out yet.
... View more