All MX security appliances within the same organization can use our AutoVPN feature to establish a site-to-site VPN between themselves. However, two MX security appliances in separate organizations cannot set up an automatic VPN. They must be configured as if they were non-Meraki peers.
This article outlines the basic configuration steps necessary to establish a site-to-site VPN tunnel between MX devices in different organizations.
Setting up a VPN tunnel between MXes in different orgs requires the use of the third-party VPN section of the MX Dashboard. This can be found under Security appliance > Configure > Site-to-site VPN > Non-Meraki VPN Peers.
In both organizations, click the "Add a peer" link. Fill out this entry as if the other MX were a third-party device, where each field should be configured as follows:
This process must be repeated for each remote/local MX pair as desired. The image below shows an example of an MX-to-MX VPN connection when the devices are in different organizations:
Since this VPN tunnel is functionally the same as a tunnel to a third-party peer, the same restrictions and caveats apply, including the following:
For more information about site-to-site VPN tunnels and troubleshooting: