Hi all,
Recently deployed 3 vMX100 on AWS and a few MX68 and Z3. AutoVPN is NOT establishing a connection to the vMX100 (all 3 VPCs) when the MX68 and Z3 are on broadband networks (tested at 3 locations): Spectrum, Xfinity, and Verizon Fios. AutoVPN does establish connections between the MX68 and Z3. If I connect the Z3 to the office network, all AutoVPN tunnels are established. Is this an issue with AWS or Meraki? Packet capture doesn't show the return traffic from AWS. Has anyone experienced this issue, and if so, found the root cause? Thank you.
I've never had any issues myself.
My best guess is you have an AWS security policy not allowing the traffic.
Does the dashboard show that the vMX is online?
Does the dashboard show that the vMX is registered as a VPN end point?
Thanks for the input. Yes, the vMX are online, as the other MX68s at satellite offices have established VPN and are passing traffic. It is only when I take the Z3 home, connected to my Xfinity modem (or to the Verizon Fios and Spectrum broadband in Columbus), that the VPN is NOT established to the AWS vMX100. But it does establish to the other MX68 sites.
On the Meraki side, there are no firewall rules. There are firewall rules on the broadband modems (I assume), but the Z3 is able to establish VPN to the other MX68s. So the broadband modems do allow UDP traffic for MX68 VPN connections.
So the three locations experiencing the issue are using 192.168.0.0 and are NATed on the modem. The corporate networks are using 10.0.0.0. Where in the AWS vMX security policy is the control for the peer WAN uplink private IPs?
I rebuilt the vMX100 with an Elastic IP, as AWS's unfriendly NAT did not work out well without the Elastic IP.