There are a couple of ways to handle tags (The article assumes more than one MX, so the location tags are never removed/deleted hence they always exist in another network). You can accomplish this by having an empty network hold the tags so they always exist. 1. Create a VPN config holding network: (Network itself should not contain an MX - Good in the case only 1 MX has VPN config) Organization > Create Network > Select Security appliance name "VPN Tag Hold" 2. Add a tag to the network ^ ie. [location]_primary_up and [location]_backup_up Never remove the tags from this network, so they always exist. 3. Apply this tag to the multiple Non-Meraki Peers availability section This will hold the Non-Meraki VPN peers config as you switch real network availability tags as it cannot be empty. Then you can assign and remove the tags from the live MX network to fail between them without the error they don't exist. The other option would be to have a hold network and a tag per location that represent the MX location itself. You would then have a VPN configuration in the availability will always have a holding tag from the network that's not used such as vpn_tag_hold (This merely maintains the configuration available in the site to site vpn Non-Meraki peers section. From there you could always just add/remove the specific network's availability tag (ie. if primary is down, you'd use [location]_backup_up tag in the 2nd 3rd party peer however if the primary is up this config would be removed and you'd have [location]_primary_up in the 1st 3rd party peer availability section) Cheers, -Raul
... View more