Non-Meraki Peer to vMX Site to Site VPN

vMXNoob
Getting noticed

Hello all,

 

Question for you all: I have created a non-Meraki S2S VPN. I have control of both sides. The VPN is IKEv1.

 

Phase 1 - Matches both sides

Phase 2 Matches both sides

PSK matches 

Remote IDs are correct at each end

Subnets are correct on each side

Whatever I do, I keep getting the following message in quick mode (Phase 2):

 

received INVALID_ID_INFORMATION error notify

 

The VPN will show green in the Meraki portal, but cannot pass any traffic.

 

The vMX is in Azure and NAT'd as expected, but I can see all the traffic pass to the device if I start a packet capture.

 

Any tips?

Mloraditch
A model citizen

For the Remote ID on the third-party side, do you have the vMX's internal IP specified, or whatever you've specified in the Local ID field?




vMXNoob
Getting noticed

Yes, I did. As I noticed when initially configuring the VPN, the logs on the remote side were stating that the ID was incorrect, as I had the external IP. When I changed it to the internal IP, it brought up Phase 1 of the SAs.

PhilipDAth
Kind of a big deal

If the PSK includes extended characters - try making a simple ASCII PSK and see if that makes any difference.

 

Try simplifying down to using a single subnet combination and see if that makes any difference.

 

Keep removing complexity until you get it working, and then build it back up again.

vMXNoob
Getting noticed

I have tried a simple PSK and single subnets, and I am still getting the following:

 

received INVALID_ID_INFORMATION error notify

 

Both devices are behind NAT, but I have captured packets and can see that they are talking to one another 🙂

AnthonyN
Meraki Employee

Hey there,

 

The INVALID_ID_INFORMATION error means that the traffic selectors (subnets) did not match. Is one more specific than the other?

 

The VPN status is showing green because Phase 1 is up; unfortunately this does not take Phase 2 into account.

 

If the traffic selectors match exactly then I'd suggest raising a ticket with the NMVPN vendor and Meraki support to see if there's anything weird going on.

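The two failure modes the thread walks through (a Phase 1 Remote ID that names the NAT's public address instead of the vMX's own Local ID, and a Phase 2 traffic selector that is narrower on one side than the other) can be checked offline before touching either box. The script below is an added example, not code from the thread or from Meraki; the peer names, addresses (RFC 5737 documentation ranges and RFC 1918 space) and subnet lists are constructed for illustration. It models what IKEv1 actually requires: Phase 1 IDs must be what the other side expects, and in quick mode (RFC 2409) there is no selector narrowing, so the responder must hold the exact mirror image of each proposed (IDci, IDcr) pair or it answers with INVALID_ID_INFORMATION.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Constructed configurations for illustration only; these are not the
# poster's real values.


@dataclass
class Peer:
    """One side of an IKEv1 site-to-site VPN, as written in its own config."""
    name: str
    local_id: str              # identity this side sends in Phase 1 (Meraki "Local ID")
    remote_id: str             # identity it expects from the other side (Meraki "Remote ID")
    local_subnets: list[str]   # private subnets behind this side
    remote_subnets: list[str]  # private subnets it routes towards the other side


def check_phase1(a: Peer, b: Peer) -> list[str]:
    """Phase 1 only completes if each side's Local ID is what the other expects.

    Behind NAT this is the usual trap: the peer sees packets arriving from the
    NAT's public address, but the vMX identifies itself with its private
    interface address, so the peer's Remote ID must be the private one.
    """
    problems = []
    if a.local_id != b.remote_id:
        problems.append(f"{b.name}: Remote ID is {b.remote_id!r}, but {a.name} sends {a.local_id!r}")
    if b.local_id != a.remote_id:
        problems.append(f"{a.name}: Remote ID is {a.remote_id!r}, but {b.name} sends {b.local_id!r}")
    return problems


def quick_mode_selectors(p: Peer) -> set[tuple[ipaddress.IPv4Network, ipaddress.IPv4Network]]:
    """Every (local, remote) subnet pair this side proposes or accepts in quick mode.

    IKEv1 negotiates one Phase 2 SA per pair and carries the pair as IDci/IDcr.
    """
    return {
        (ipaddress.ip_network(local), ipaddress.ip_network(remote))
        for local in p.local_subnets
        for remote in p.remote_subnets
    }


def check_phase2(initiator: Peer, responder: Peer) -> list[str]:
    """Simulate the responder's reaction to each quick-mode proposal.

    IKEv1 has no selector narrowing: the responder must hold the mirror image
    of the proposal exactly, otherwise it returns INVALID_ID_INFORMATION.
    """
    accepted = {(remote, local) for (local, remote) in quick_mode_selectors(responder)}
    problems = []
    for idci, idcr in sorted(quick_mode_selectors(initiator), key=str):
        if (idci, idcr) in accepted:
            continue
        hint = ""
        for r_local, r_remote in quick_mode_selectors(responder):
            # Overlapping but not identical: typically one side is more specific.
            if idci.overlaps(r_remote) and idcr.overlaps(r_local):
                hint = (f" (responder has {r_remote} <-> {r_local}; IKEv1 cannot narrow,"
                        " so the pair must match exactly)")
                break
        problems.append(
            f"{responder.name} returns INVALID_ID_INFORMATION for {idci} -> {idcr}{hint}")
    return problems


# The vMX in Azure: private address 10.0.1.4, seen by the peer from NAT 198.51.100.5.
VMX = Peer("vMX", local_id="10.0.1.4", remote_id="203.0.113.10",
           local_subnets=["10.0.1.0/24"], remote_subnets=["192.168.10.0/24"])

# Peer configured with the vMX's public (NAT) address as Remote ID: Phase 1 fails.
PEER_PUBLIC_ID = Peer("peer", local_id="203.0.113.10", remote_id="198.51.100.5",
                      local_subnets=["192.168.10.0/24"], remote_subnets=["10.0.1.0/24"])

# Right ID but a narrower remote subnet: Phase 1 comes up (dashboard green), Phase 2 fails.
PEER_NARROWER = Peer("peer", local_id="203.0.113.10", remote_id="10.0.1.4",
                     local_subnets=["192.168.10.0/24"], remote_subnets=["10.0.1.0/25"])

# Exact mirror image of the vMX config: both phases pass.
PEER_OK = Peer("peer", local_id="203.0.113.10", remote_id="10.0.1.4",
               local_subnets=["192.168.10.0/24"], remote_subnets=["10.0.1.0/24"])

if __name__ == "__main__":
    for peer in (PEER_PUBLIC_ID, PEER_NARROWER, PEER_OK):
        findings = check_phase1(VMX, peer) + check_phase2(VMX, peer)
        print(peer.remote_id, peer.remote_subnets, findings or ["both phases OK"])
```

Run it as-is and the PEER_NARROWER case reproduces the thread's symptom: check_phase1 returns nothing (which is all a Phase 1-only status light reports), while check_phase2 names the /24 vs /25 pair that the responder rejects. Feed it your own two configs and you get the same answer the peer's logs would give, without waiting on an IKE retry.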