KRobert - Company B is a spoke, in single-arm mode. Regarding making a LAN port an L3 interface, how do you define the gateway/next hop? If I create a VLAN on the MX at Company B of 192.168.0.0/24 and give the MX an IP of 192.168.10.2, how do I tell it and Company A to use 192.168.10.1 (the actual Company B router) for everything?

Karstenl - Maybe it is a NAT issue. The spoke works fine when in dual-arm mode, but flip to single-arm and it gets all kinds of angry. To me it would seem weird that the VPN can establish in dual-arm mode but not establish in single-arm mode. Also, my testing is with just the WAN port connected; I didn't move beyond that because of the lack of VPN connection. I can't place it in a DMZ because A) one may not exist and B) trying to make this as low config as possible.

The desire was to just drop a single-arm Meraki into an office to bring in the tunnel. Then with just a static route on their network for return traffic (192.168.0.0/24 via MX LAN IP) the Company A location could access their entire 192.168.10.0/24 network. My goal is to not require separate internet or DMZ for the outside interface terminating the VPN. Trying to go with a cookie cutter method for unknown networks. It's a funky setup I know, but just trying out something new.