@SaravananShan based on your scenarios I don’t believe that the MX is going to be the best choice for you. The VPN to non-Meraki peers, although very functional, does not provide much in the way of customisation - in-line with Meraki’s ‘simple’ approach. You may well be best off putting a third party VPN head-end/firewall behind the MX to perform the functions you describe. Here’s my thoughts on your scenarios: Scenario 1: the encrypted traffic is defined by the addresses that you ‘include’ in the VPN, these are either locally defined subnets on a VLAN or a static route. Scenario 2: for each Meraki network the IP addresses encrypted are as Scenario 1. Although the non-Meraki peer is defined globally only local Meraki network IP addresses are encrypted. You can defined multiple tunnels to the same destination (with different remote subnets) and ‘tag’ them so they’re only established from certain Meraki networks - remember non-Meraki VPN routes aren’t passed across the AutoVPN. Scenario 3: there is no capability for NATing on non-Meraki VPN tunnels.
... View more
