IPsec VPNs use UDP/500 and UDP/4500 (when behind NAT) to do the IKE exchange. When the negotiation is done, data traffic is sent inside UDP/4500. If a NAT exists at one or both of the sides in front of the VPN device, the first thing to check is whether incoming UDP/500 or 4500 is getting through to the MX appliance. You can check this by running packet captures. If traffic gets through both ways, you can still have an issue with the IKE identifier, which has to be modified. Usually you will see that the negotiation fails in phase 1 at the authentication exchange.
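One way to read such a packet capture, as an added example that is not part of the original post: it names each UDP/500 and UDP/4500 payload from the IKE header and the RFC 3948 non-ESP marker, then reports whether IKE flows in both directions. The addresses, sample packets and verdict names are constructed for illustration.

```python
import struct
from collections import Counter

# (major version, exchange type) -> name; values from RFC 2408 and RFC 7296
EXCHANGES = {(1, 2): "ikev1-main-mode", (1, 4): "ikev1-aggressive",
             (1, 32): "ikev1-quick-mode", (2, 34): "ikev2-sa-init", (2, 35): "ikev2-auth"}

def classify(sport, dport, payload):
    """Name one UDP payload captured on port 500 or 4500 (RFC 3948 framing)."""
    if 4500 in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"
        if len(payload) >= 4 and payload[:4] != b"\x00" * 4:
            return "esp-in-udp"       # non-zero SPI: encrypted data traffic
        payload = payload[4:]         # drop the non-ESP marker in front of IKE
    if len(payload) < 28:
        return "malformed"
    # IKE header: SPIi(8) SPIr(8) next-payload(1) version(1) exchange(1) ...
    major, exchange = payload[17] >> 4, payload[18]
    return EXCHANGES.get((major, exchange), f"ike-v{major}-exchange-{exchange}")

def summarise(packets, local_ip):
    """Count payload kinds per direction and say where the exchange stops."""
    seen = Counter()
    for src, sport, dst, dport, payload in packets:
        direction = "out" if src == local_ip else "in"
        seen[(direction, classify(sport, dport, payload))] += 1
    ike_dirs = {d for d, kind in seen if kind.startswith("ike")}
    if not ike_dirs:
        verdict = "no-ike-seen"
    elif ike_dirs != {"in", "out"}:
        verdict = "ike-one-way"            # UDP/500 or 4500 is not getting through
    elif any(kind == "esp-in-udp" for _, kind in seen):
        verdict = "tunnel-passing-data"
    else:
        verdict = "ike-both-ways-no-data"  # look at the phase 1 identity/authentication
    return seen, verdict

def ike(version, exchange, marker=False):  # constructed 28-byte IKE header
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"R" * 8, 0, version, exchange, 0, 0, 28)
    return (b"\x00" * 4 if marker else b"") + hdr

LOCAL, PEER = "192.0.2.10", "198.51.100.7"  # constructed: local VPN device and peer
ONE_WAY = [(LOCAL, 500, PEER, 500, ike(0x10, 2))] * 3
STUCK = [(LOCAL, 500, PEER, 500, ike(0x10, 2)), (PEER, 500, LOCAL, 500, ike(0x10, 2)),
         (LOCAL, 4500, PEER, 4500, ike(0x10, 2, True)), (PEER, 4500, LOCAL, 4500, ike(0x10, 2, True))]

if __name__ == "__main__":
    print(summarise(ONE_WAY, LOCAL)[1], summarise(STUCK, LOCAL)[1])
```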