Hi @mdubs91, The banner is simply alerting you that MX local VLAN subnets overlap with Non-Meraki peer Azure which is configured with a default route 0.0.0.0/0 on MX VPN config, this will cause all traffic (including internet) from VLANs taking part in VPN to go over the full tunnel to Azure. If this is your intended design to tunnel all traffic to Azure then that banner will be there for alerting purposes. Making changes to any routing configs to MX subnets like anyconnect routing for example will cause NM VPN tunnel to reinitialize hence you might see the drops for full tunnel traffic. Is Azure peer supposed to share a 0.0.0.0/0 subnet? If not, it's better to only have IPsec SAs between specific subnets that you want to reach from MX to Azure instead of tunneling all traffic. This will get rid of the banner and network connectivity drops.
... View more
