Meraki

jay_b · ‎Nov 9 2021

We have 6 tunnels to AWS (pair of 2). Each tunnel has it's backup tunnel to AWS. On 14.53 version we have all 6 tunnels up and running with IKEv1 but when we switchover to 15.42 and 15.44 we encountered same issue. Only 1 tunnel is staying up and backup tunnel is not coming up. On 15.42 and 15.44 we were using IKEv1 too.

Does anyone using AWS with IKEv2 on 15.xx version ?

jay_b · ‎Nov 9 2021

1 and 2 tunnels are identical except public IP. Local subnets are same for 1 and 2.

PhilipDAth · ‎Nov 9 2021

I don't think that should work. So it may be that before it wasn't working correctly by bringing up both tunnels - and now it is working correctly by allowing only one tunnel to come up.

Make sure you have filled out the remote peer ID in the Meraki dashboard to be equal to the public IP address of the remote Amazon peer.

jay_b · ‎Nov 9 2021

@PhilipDAth Thanks for your response. So only 1 tunnel should be working either 1 or 2 ?

Also just to be clear remote ID scenario. Should it be like this ?

PhilipDAth · ‎Nov 9 2021

Yes.

jay_b · ‎Nov 9 2021

I will keep that in mind. Thank you

@PhilipDAth I also had same question for site to site tunnel with Fortinet. What should be remote ID for that. We tried public and private IP both but didn't work. Any Idea ?

PhilipDAth · ‎Nov 9 2021

You would need to ask the Fortinet people what ID they are presenting for authentication. The ID is just a string. Some people use domain names, email addresses, etc. It is just a string.

jay_b · ‎Nov 9 2021

Ok thank you. I will ask Fortinet support.

jay_b · ‎Nov 24 2021

Hello @PhilipDAth

I've reached out to Fortinet support but it looks like Fortigate only allows to set local ID on aggressive mode only not in main mode.

I know in 15.44 aggressive mode is not allowed for site to site vpn tunnel , is it same case with 16.14 ?

Meraki

Community

AWS site to site VPN on 15.44

AWS site to site VPN on 15.44