Meraki

Community

AutoVPN key lifetime question

Solved
Chema-Spain
Getting noticed
‎Sep 15 2023 1:08 AM
‎Sep 15 2023 1:08 AM

AutoVPN key lifetime question

Hi,

 

In any SDWAN solution, the orquestrator provides SDWAN devices with the necessary "session keys" to establish data tunnels among them.

 

In AutoVPN, I would like to know the expected behaviour in a concrete situation:

 

I suppose those keys have a valid lifetime. What happens in case a MX is unregistered but its data plane is working fine when its key lifetime ends? How long can I expect AutoVPN could work without contacting to the Meraki cloud platform?

 

Sorry if this topic has already been discussed here. I took a quick look and found nothing.

 

Thanks!

 

0 Kudos
1 Accepted Solution
Brash
Kind of a big deal
Kind of a big deal
‎Sep 15 2023 4:42 AM
‎Sep 15 2023 4:42 AM

When you say unregistered, are you meaning unlicensed/unclaimed?

I don't know the answer but it seems to me that would be a very niche scenario.

 

For example, if the MX loses connectivity to the Meraki cloud but maintains site-to-site connectivity for whatever reason, it will reboot within 8 hours anyhow, causing the site-to-site vpn to go down.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Behavior_during_Conne...

View solution in original post

2 Replies 2
Brash
Kind of a big deal
Kind of a big deal
‎Sep 15 2023 4:42 AM
‎Sep 15 2023 4:42 AM

When you say unregistered, are you meaning unlicensed/unclaimed?

I don't know the answer but it seems to me that would be a very niche scenario.

 

For example, if the MX loses connectivity to the Meraki cloud but maintains site-to-site connectivity for whatever reason, it will reboot within 8 hours anyhow, causing the site-to-site vpn to go down.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Behavior_during_Conne...

In response to Brash
Chema-Spain
Getting noticed
‎Sep 15 2023 4:56 AM
‎Sep 15 2023 4:56 AM

Thanks Brash.

 

That is exactly what I wanted to know. 8 hours.

 

Unregistered means not accesible from the dashboard. This could not be such a corner case scenario. An internal meraki issue with device registration or a DNS attach could cause Org MX to lose control plane without losing data plane.

 

Thanks for your help.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.