Unfortunately, there are known compatibility issues this presents to certain vendors - strongSwan is the process Meraki devices utilize to build tunnels to non-Meraki devices and for L2TP/IPsec Client VPN - as some that continue to enforce the IKEv1 restriction of a single set of src/dst subnets per SA in their IKEv2 implementations. Such implementations generally respond to requests to key an IPsec SA by only using a single pair of subnets. When this happens, it blocks any further subnets from participating in the VPN until the SA expires.
... View more
