Meraki really needs to add this feature. Having to reboot is stupid. ... View more

yeah I see how this works, but this creates a problem: the internet firewall is now processing the decrypted internal traffic as well, because the MX decrypts the incoming traffic, and then routes it back to the internet firewall, which now routes the traffic back (again) to the internal network. This places an unnecessary load on the internet firewall to process additional traffic. ... View more

Yeah, went back through the procedure again, and found a typo in some of the information for the esim. Things appear to be working now. ... View more

I am 75% confident that IPS acts on all VPN traffic. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Traffic_Inspection     ... View more

"Meraki VPN" ist based on IPsec and L2TP. L2TP has additional overhead. Maybe you have a fragmentation problem? Check the MTU setting on client side. For Auto VPN the MX does Path MTU Discovery. I do not know if this is true for Client VPN, too. It is not possible setting the MTU on the MX manually. You have to contact the support for doing that. ... View more

I think you will have to do a cold swap.  It involves removing the existing MXs from the network and then adding the new.  You will need to re-set any static IPs if you have set them on interfaces and re-enable the site to site VPN, but pretty much everything else moves over.  The only other thing that normally needs doing is mapping old to new ports, but you are not in routed mode with VLANs, so that shouldn't be needed AFAIK. ... View more

Why does this seem backwards? ... View more

In this case, @GreenMan's explanations make perfect sense. ... View more