Meraki

Community

AnyConnect VPN and non-Meraki VPN peer

bkrautner
Getting noticed
‎Feb 15 2024 9:38 PM
‎Feb 15 2024 9:38 PM

AnyConnect VPN and non-Meraki VPN peer

Hello,

 

Have a customer where we have set up a non-Meraki VPN peer to a 3rd party provider (3PP) who is using a Fortinet FW. This has been working and 3PP can see devices on the the customer LAN segment on the Meraki MX75.

Recently, customer has requested set up of an AnyConnect VPN using Meraki authentication, which I added.

As per what I would believe to be normal BAU standards, I then enabled AutoVPN for the new AnyConnect service, did a simple test from phone based AnyConnect and established a session. Thinking all was good, left it at that.


Then received message from 3PP that the non-Meraki VPN peer tunnel had gone down. Checked dashboard, and yes it was. Disabled AutoVPN for the AnyConnect service, and tunnel came back up.

Is this a known issue that we can't have a non-Meraki VPN peer and AnyConnect up at the same time?

Regards,

 

Bob

0 Kudos
3 Replies 3
MasG
Meraki Employee
Meraki Employee
‎Feb 16 2024 1:21 PM
‎Feb 16 2024 1:21 PM

Hello Bob, 

 

We are currently not aware of a known issue that affects the ability to have a non-Meraki VPN peer and AnyConnect up at the same time. 

We recommend to contact our Technical support for help in troubleshooting the issue. You can open a case by emailing support@meraki.com or call our support line +1 (415) 937‑6671.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 16 2024 1:42 PM
‎Feb 16 2024 1:42 PM

> then enabled AutoVPN for the new AnyConnect service

 

What would have happened is the remote party would now see the AnyConnect subnet as part of the encryption domain - but they don't have it configured the same way - so the VPN negotiation would now fail.

 

You either need to leave it out of AutoVPN, or ask the remote party to add AnyConnect to the encryption domain for you at the same time as you enable it for AutoVPN.

 

In response to PhilipDAth
bkraut
Here to help
‎Feb 18 2024 12:34 AM
‎Feb 18 2024 12:34 AM

Hello,

 

Thank you for your time and reply. Yes, that’s makes perfect sense. The problem did seem to occur after AutoVPN was enabled for the AnyConnect range. 

 

I will speak to the end customer tomorrow and see which way they would like to proceed. 

Kind regards 

 

Bob Krautner 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.