Autoupgrade to MX16.16 and tunnel doens't work correctly anymore

Solved
Thane08
Conversationalist

Autoupgrade to MX16.16 and tunnel doens't work correctly anymore

Dear,

 

We have a Fortigate 1200D on 1 side and a cisco meraki MX84 version 14.53 on the other side.

The tunnel works fine now but when we upgrade to 16.16, doesn't work for some parts. The tunnel has status up but traffic from the fortigate is only allowed to 1 vlan of the cisco meraki.  There is no firewall policy blocking this traffic.

Because when we start traffic from cisco meraki from another vlan, we can ping from the fortigate to that new vlan.

When we rollback everything is back to normal.

Anybody with the same issue?

 

Kind regards

1 Accepted Solution
Thane08
Conversationalist

I changed ikev1 to ikev2 and now it's working again.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

The RemoteID became mandatory from 15.x and up.  For 99% of cases, this will be the IP address configured outside your Fortigate (usually a public IP address, but it could also be a private IP address if the Fortigate is sitting behind something doing NAT).

 

Also, I think DES got disabled at some stage, in case you have ti configured to use that.

Thane08
Conversationalist

Hey,

 

Thanks for replying.

We use external IP adresses for both firewall.

We also don't use DES.

 

On the fortigate firewall I don't see any incoming data

 

Thane08_0-1652946846773.png

 

But the tunnel phase 1 & 2 are up and running.

 

We do use a VDOM (other than root) for this client on the fortigate.

 

Thanks in advance.

 

Thane08
Conversationalist

I changed ikev1 to ikev2 and now it's working again.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels