Yeah, went back through the procedure again, and found a typo in some of the information for the esim. Things appear to be working now. ... View more

I am 75% confident that IPS acts on all VPN traffic. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Threat_Protection#Traffic_Inspection     ... View more

"Meraki VPN" ist based on IPsec and L2TP. L2TP has additional overhead. Maybe you have a fragmentation problem? Check the MTU setting on client side. For Auto VPN the MX does Path MTU Discovery. I do not know if this is true for Client VPN, too. It is not possible setting the MTU on the MX manually. You have to contact the support for doing that. ... View more

I think you will have to do a cold swap.  It involves removing the existing MXs from the network and then adding the new.  You will need to re-set any static IPs if you have set them on interfaces and re-enable the site to site VPN, but pretty much everything else moves over.  The only other thing that normally needs doing is mapping old to new ports, but you are not in routed mode with VLANs, so that shouldn't be needed AFAIK. ... View more

Why does this seem backwards? ... View more

In this case, @GreenMan's explanations make perfect sense. ... View more

There are other communications that can use port 80:       ... View more

I would personally step through smaller steps.   Like the latest 10.x, then the current stable 11.x, and then go to 12.x. ... View more