I have the same issue, Can explain to me how you resolved?     ... View more

So I have a client with an existing MX84 with Enterprise license He buying more of these MX devices but now applying Advanced Security license to the new devices and this older device where Enterprise currently resides.. Whats the process and what happens to the old Enterprise license Ive read it is credited back in the form of time across the estate? ... View more

T-Mobile. That's probably it. ... View more

Thanks for your reply.    Another thing I found in testing is that when a Group Policy is applied directly to the client, the rules in the Group Policy seem to apply to vpn tunnel traffic.  It seems funny to me that a Group Policy behaves differently depending on whether it's applied to a Vlan Network or directly to a client.   ... View more

This sounds like a positive solution to our problem, I will change some settings on the MX devices to match your suggestion and feedback the result.   Thank you. ... View more

Meraki Hardware does need to check in every once in a while to work. While cloud connectivity is usually just used to manage the device, the Meraki hardware will think that something isn't right if it goes for extended periods without internet access and may reboot or revert to a known good configuration to try and "resolve" this lack of internet connectivity. ... View more

We programmed the dashboard with all appropriate IPs for the LAN interfaces. We then plugged the MX to an Internet connection to download the config. Then the MX was put on the MPLS network & we statically configured (from the setup page) the MPLS IP address. That didn't work. I called support & it was determined a router needed to be installed between the MX & MPLS.   The customer didn't want additional devices so we pulled the plug... so to speak 😉 ... View more

I would also like to be able to assign static IP's per VPN users.    The group policies are currently assigning per IP and if the user doesn't use the VPN for about a month, the IP gets assigned to someone else and they then have the wrong access.   Though I supposed @PhilipDAth suggestion of access per user account would solve that problem too. ... View more

thanks for the response.   Ya, i have raised a case with meraki support team. ... View more

Yes, still if the MX100 is just being used as a VPN concentrator it can be connected via the LAN interface of the ASA and put into to VPN concentration mode and act as the HUB for the Auto-VPN. The Secondary WAN (Internet) can be connected to the ASA as a secondary WAN interface for internet connectivity.   If the MX is to be acting as a NAT/Internet firewall with the ASA it'll need to be placed behind the ASA with some form of Layer 3 switch between the ASA/MX which will have routing enabled to route only specific routes over the EVPL connection and all other traffic to the MX for the Internet/Auto VPN.    You'll also have to configure the LAN VLANs on the MX for them to be advertised over the Auto-VPN connection and configure a static route for the LAN VLAN's on the MX to point to the layer 3 device.  ... View more

Well, I'd assume they call it a security device because although it doesn't have what they call "advanced" security (AMP etc), it still does have a firewall(layer-3 and layer-7). Maybe Site-to-Site VPN is also a type of security.   I know, not what you were hoping for, but perhaps still some value. ... View more

then as @ PhilipDAth recommended, 802.1x is your best bet. ... View more