cancel
Showing results for 
Search instead for 
Did you mean: 

Azure VPN (IKEv2) intermittent

Here to help

Azure VPN (IKEv2) intermittent

With IKEv2 (route-based) Azure VPN Gateway implementation the IIPSEC connection is flapping and being disconnected. Getting following event logs:

 

May 17 16:13:09 Non-Meraki / Client VPN negotiationmsg: <remote-peer-2|2796> CHILD_SA net-2{4534} established with SPIs cbc00e6e(inbound) 56318360(outbound) and TS 192.168.90.0/24 === 10.0.0.0/16
May 17 16:13:03 Non-Meraki / Client VPN negotiationmsg: <remote-peer-2|2796> IKE_SA remote-peer-2[2796] established between 203.54.xxx.xxx[203.54.xxx.xxx]...52.187.xxx.xxx[52.187.xxx.xxx]
May 17 16:08:41  time: 1558073318, pkts_recv: 141831, daq_analyzed: 141831  more »
May 17 16:05:24 Non-Meraki / Client VPN negotiationmsg: <remote-peer-2|2793> CHILD_SA net-2{4532} established with SPIs ce309784(inbound) aa7423e2(outbound) and TS 192.168.90.0/24 === 10.0.0.0/16
May 17 16:05:14 Non-Meraki / Client VPN negotiationmsg: <remote-peer-2|2793> IKE_SA remote-peer-2[2793] established between 203.54.xxx.xxx[203.54.xxx.xxx]...52.187.xxx.xxx[52.187.xxx.xxx]
May 17 16:05:14 Non-Meraki / Client VPN negotiationmsg: <remote-peer-2|2792> deleting IKE_SA remote-peer-2[2792] between 203.54.xxx.xxx[203.54.xxx.xxx]...52.187.xxx.xxx[52.187.xxx.xxx]

 

There is another tunnel between DrayTek Vigore and same Azure VPN gateway which is working fine. 

 

Anybody having issue like this?

 

Thanks

 

2 REPLIES 2
Highlighted
Building a reputation

Re: Azure VPN (IKEv2) intermittent

What version of firmware are you running on the MX? There's a thread from earlier this year that discusses a way to work with support to get 15.x to support IKEv2. Most of the changes to it, it looks like you're going to have to work with Support.

Here to help

Re: Azure VPN (IKEv2) intermittent

Running MX 15.13 and support activate IKEv2 from backend. But issue is the tunnel is not stable. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.