Hello, You can tag Non Meraki VPN configurations so only certain MX's or vMX's get the tunnel configuration: https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Peer_Availability In terms of the other questions I'm not really following the design, it might be beneficial to get a network diagram drawn up and make a support case and share the diagram with them and what your hoping to accomplish.
... View more
