So we have an existing sonicwall stack that is going to be phased out, but because of the way its setup now(the network) we need to keep it as well as the existing dell switch stack.  We have the following equipment   2x Sonicwall in HA currently both plugged into breakout 4 dell PC switches in stack 1x MX84 2x MS120   at remote side there is a dumb netgear switch with fiber running to an old building being phased out that runs to this main building.. That fiber is going away.. Enter 1MX64 and MS120   So heres my dilemma.  2 subnets one each side, both gateways are the sonicwall interfaces.  10.20.156.x/10.20.160.x     Right now MX84 wan is plugged into dell switch with the fiber for 160 subnet, so its getting a dhcp address.  The other subnet is 100% static.  What I want to be able to do is   Plug MX Wan port into breakout switch, plug MS switches into mx(as they are), remove the uplink from mx to the dell switch.  Have native vlan 1 be the 10.20.156.x and a voice vlan of 10.20.20.x. Currently vlan1 on meraki is the default 192.168.168.x that comes with it. and at the remote side, have a auto-vpn to the mx and still access data on the 10.20.156.x subnet(domain services) as I said the gateway for the sonicwall.  If I create the 160 subnet on the remote Mx64 where do i need a route across the vpn?  Do i need that 160 on an interface on the mx84 as well? Since the sonicwall is already doing DHCP for that subnet, could it still do it across vpn? Trying to wade through the best way to do this. Any clarity would be much appreciated     ... View more

so not sure what I can do here.  Basically this is the setup.  Have an asa at corp site, with a bunch of asa's at other sites and just now using MX at a few new sites.  Network is like this each site has 3 networks, one for data, voice and wireless...data goes 10.0.site number.0   voice  172.17.site number.0  wireless is whatever.  so in this example two sites   10.0.60.0/24 172.17.60.0/24   10.0.70.0/24 172.17.70.0/24   both advertised in vpn, but the remote subnet of the meraki peer have private subnets being written as summarized.  so    10.0.0.0/15 172.17.0.0/16   when i try to save the config on the MX i get this:   The changes you requested require confirmation. Please review the following list The VLAN subnet 172.17.70.0/24 overlaps with a remote VPN subnet on the non-Meraki peer Corp00 (172.17.0.0/16). IP traffic will be routed to the smallest subnet that contains the IP address. The subnet on the non-Meraki peer Corp (172.17.0.0/16) overlaps with a subnet on the network 60 LOC - appliance (172.17.60.0/24). IP traffic will be routed to the smallest subnet that contains the IP address.   it won't save but  I can still ping across.  Is there a way to do this so that the voice can talk to what it needs to? ... View more

so Have  few vlans that for the most part standalone.  i have 2 vlans created that we use for wireless...one for employee and one for guest, employee is allowed to talk to local lan, while guest is prohibited. But whats odd is if i put a pc and plug into an MS switchport on that guest vlan it can talk to any vlan.  I assume this has to do with the wireless marshalling is being done based on SSID and not Vlan, so There probably needs something to restrict it on the MX/MS ... View more