Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

traffic not getting initiated from IKEv1 for non-meraki tunnel

Tishman
Here to help
2 weeks ago
2 weeks ago

traffic not getting initiated from IKEv1 for non-meraki tunnel

Hi Experts

 

I had created a site-to site tunnel with non-meraki device FTD with IKEv1 tunnel come up but for few traffic selectors traffic is not getting initiated from meraki but it works when initiated from FTD.

 

MX version 18.211.2

 

does anyone have any fix  as same is happening with IKEv2 when using FQDN.

 

Labels:
0 Kudos
Subscribe
6 Replies 6
Tony-Sydney-AU
Meraki Employee
Meraki Employee
2 weeks ago
2 weeks ago

Hello @Tishman 

 

Based on what you said, I suspect your Trafic Selectors (TS ; a.k.a. encryption domain) don't match exactly.

 

I.e.: MX side may have a /24 subnet while the other side has a /25 ; so it works if the other side initiates because MX TS is like a summary route. On the other hand, MX initiating doesn't work because the other side has a /25 more specific TS.

 

You may want to double-check with the network admin at the other side and make sure both sides are configured with the exact subnets as traffic selector (TS).

 

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Subscribe
In response to Tony-Sydney-AU
Tishman
Here to help
a week ago
a week ago

both site A and site B managed by me so traffic selectors are same at both side it is random issue not facing continously 

0 Kudos
Subscribe
In response to Tishman
Tony-Sydney-AU
Meraki Employee
Meraki Employee
a week ago
a week ago

Hi, thanks for checking.

 

If it is random, maybe it is related to firmware.

 

Perhaps you can try latest patch in version 18.211.3. I hope you can also upgrade your non-Meraki VPN peer.

 

Have you checked firmware?

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Subscribe
Knowguy
Here to help
Wednesday
Wednesday

Looks like we have the same topic going in multiple locations now, for the latest head on over to https://community.meraki.com/t5/Security-SD-WAN/Traffic-not-getting-initiated-from-IKEv1-and-IKEv2-f... for continued discussion on non-Meraki IKEv1 not initiating traffic over tunnels.

Subscribe
In response to Knowguy
Tony-Sydney-AU
Meraki Employee
Meraki Employee
Wednesday
Wednesday

Yes, @Knowguy . That discussion is more complete. Firmware 18.211.3 don't fix this behaviour. @Tishman , feel free to post over there.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Subscribe
In response to Tony-Sydney-AU
Tishman
Here to help
Thursday
Thursday

Is there any way we can decrpt the pcap files taken for vpn traffic from meraki it will make more picture clear for this issue.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.