so Have a question on if I can do this and how, Have an ISP that has 2 blocks, their WAN block for their equipment is a /30, but they give us a /29 for our block of IPs.  We have an MX 100 we will be putting in.  In the past I've done this with a MS 350 switch where i created two different vlans, one for each block and then put in a zero route to point to the /30 gateway.  Then just drop whatever switchports into the /29 vlan and assigned the IPs to the equipment as needed. We don't have any MS switches here so I'm wondering can i do the same thing on the MX and be able to basically plug it in to itself that way?  Or is there an easier way?   Thanks in advanced. ... View more

Have a Azure vmx-m deployed with autovpn to a couple sites in same org without issue. We are wanting to create a site to site with a non meraki appliance.  On the VMX side I should be using whats showing for the public IP as the endpoint correct? Right now the wan shows the virtual network created in azure for it. I can't ping that address from anything. I believe all the transform sets match for IKEv1, only thing i see different is on the non meraki authentication they show Sha2-256, on meraki side, only SHA256. Not sure if that makes a difference.  ... View more

Never deployed in this configuration before, I've done single MX with dual wan, Is there a specific way to setup these MX in either hot spare or true LB config?   Its two MX 100 and two different ISP  ... View more

So we have an existing sonicwall stack that is going to be phased out, but because of the way its setup now(the network) we need to keep it as well as the existing dell switch stack.  We have the following equipment   2x Sonicwall in HA currently both plugged into breakout 4 dell PC switches in stack 1x MX84 2x MS120   at remote side there is a dumb netgear switch with fiber running to an old building being phased out that runs to this main building.. That fiber is going away.. Enter 1MX64 and MS120   So heres my dilemma.  2 subnets one each side, both gateways are the sonicwall interfaces.  10.20.156.x/10.20.160.x     Right now MX84 wan is plugged into dell switch with the fiber for 160 subnet, so its getting a dhcp address.  The other subnet is 100% static.  What I want to be able to do is   Plug MX Wan port into breakout switch, plug MS switches into mx(as they are), remove the uplink from mx to the dell switch.  Have native vlan 1 be the 10.20.156.x and a voice vlan of 10.20.20.x. Currently vlan1 on meraki is the default 192.168.168.x that comes with it. and at the remote side, have a auto-vpn to the mx and still access data on the 10.20.156.x subnet(domain services) as I said the gateway for the sonicwall.  If I create the 160 subnet on the remote Mx64 where do i need a route across the vpn?  Do i need that 160 on an interface on the mx84 as well? Since the sonicwall is already doing DHCP for that subnet, could it still do it across vpn? Trying to wade through the best way to do this. Any clarity would be much appreciated     ... View more

so not sure what I can do here.  Basically this is the setup.  Have an asa at corp site, with a bunch of asa's at other sites and just now using MX at a few new sites.  Network is like this each site has 3 networks, one for data, voice and wireless...data goes 10.0.site number.0   voice  172.17.site number.0  wireless is whatever.  so in this example two sites   10.0.60.0/24 172.17.60.0/24   10.0.70.0/24 172.17.70.0/24   both advertised in vpn, but the remote subnet of the meraki peer have private subnets being written as summarized.  so    10.0.0.0/15 172.17.0.0/16   when i try to save the config on the MX i get this:   The changes you requested require confirmation. Please review the following list The VLAN subnet 172.17.70.0/24 overlaps with a remote VPN subnet on the non-Meraki peer Corp00 (172.17.0.0/16). IP traffic will be routed to the smallest subnet that contains the IP address. The subnet on the non-Meraki peer Corp (172.17.0.0/16) overlaps with a subnet on the network 60 LOC - appliance (172.17.60.0/24). IP traffic will be routed to the smallest subnet that contains the IP address.   it won't save but  I can still ping across.  Is there a way to do this so that the voice can talk to what it needs to? ... View more