Going sideways, the MX is not so strong with regard to non-Meraki site-to-site VPNs.   Have you thought about keeping the ASA for just these VPNs (no public IP change then), or moving them to something like StrongSwan running as a VM on an existing compute (I use StrongSwan a lot, it is free and very powerful). There is also the virtual ASA option (such as the Cisco vASA 10).  The virtual option is going to be around for a long time yet.  If you want to go newer, there are also the virtual Firepower units, and the baby Firepower units (which can also run ASA - just copy and paste config) like the Firepower 1010.   https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/adapt-security-virtual-appliance-ds.html   https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw-virtual/threat-defense-virtual-ngfwv-ds.html   https://www.cisco.com/site/us/en/products/security/firewalls/firepower-1000-series/index.html   ... View more

Hello, we are facing the exact same error from months with some MR46E. We have done 2 firmware updates 31.1.16 and 31.1.17, but same behavior.   Has someone tested the new Beta version 32.1.1? ... View more

That was it. Of all the crazy. Maybe they should update this on the KB page to include what you shared.  Forwarding TCP 443/80 If a port forward for ports 443 or 80 is configured, you may be unable to reach the local status page via the MX's WAN IP address. Thanks again!  ... View more

I'm back up, thanks! ... View more