Would appreciate some assistance as this is the first leap into site-to-site VPN.
We have an MX64; the remote site (customer) has an ASA Cisco VPN. These are added as non-Meraki peers, and in VPN status the green light is on for both VPN connections.
Now if I try to contact an IP in the VPN subnet, I cannot get a response.
If I tracert then it seems the request goes to the MX64 (as gateway) and dies there.
If I try to tracert to the remote VPN router then it seems to trace OK.
We have Windows AD / DHCP / DNS if that makes any difference...
Do you have the IP (subnets) of the remote networks you are trying to reach in the 'Private Subnets' section of your Non Meraki VPN Peers? I believe you also need to make sure the subnet suffix matches on each side. For troubleshooting, support can also do a capture in the VPN tunnel so you can verify if your traffic is actually going over the tunnel to their side or truly dropping at the MX.
Yes I have private subnets for each remote machine defined in the manager.
There are 2 - 3 on each VPN, defined as x.x.x.x/32 and comma separated.
I'll see what can be captured at the far end, the config was supplied to me so I would *hope* it is correct at that end!
As a /32? That won't work, that's just to one host. You need to define the subnet so it knows where/what to route.
It would work if they have a /32 configured on the far side. But I'd agree that is less likely.
Thanks for the replies.
Issue now solved.
Turned out to be routing on the other side. Due to reasons of how the customer does this, we basically were not getting responses from the target machine. But they have checked/amended the routing and now we get replies.
Turns out the Meraki VPN setup was fine all along 😉
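
The /32 question raised in the replies above comes down to whether each prefix entered under 'Private Subnets' lines up with what the far side defines. As an added example (not part of the original thread), this Python script compares the two lists; the function names and every address are constructed for illustration, and the far-side list is assumed to have been supplied by the customer.

```python
import ipaddress

def parse_prefixes(text):
    """Parse a comma-separated prefix list. A prefix with host bits set
    (e.g. 10.20.30.11/24) raises ValueError, which is itself a config error."""
    return [ipaddress.ip_network(p.strip()) for p in text.split(",") if p.strip()]

def classify(ours, theirs):
    """Compare one prefix configured on our side with the far side's list."""
    if ours in theirs:
        return ("match", str(ours))
    for net in theirs:
        if ours.version != net.version:
            continue  # subnet_of() raises TypeError on mixed IPv4/IPv6
        if ours.subnet_of(net):
            return ("narrower-than-peer", str(net))
        if net.subnet_of(ours):
            return ("broader-than-peer", str(net))
    return ("not-on-peer", None)

def compare(our_private_subnets, peer_networks):
    """Map each of our prefixes to (status, related far-side prefix or None)."""
    theirs = parse_prefixes(peer_networks)
    return {str(p): classify(p, theirs) for p in parse_prefixes(our_private_subnets)}

# Constructed sample values: what we typed for the peer vs. what the peer defines.
OURS = "10.20.30.11/32, 10.20.30.12/32, 10.40.0.0/16, 172.16.5.0/24, 192.168.9.0/24"
PEER = "10.20.30.0/24, 10.40.1.0/24, 172.16.5.0/24"

if __name__ == "__main__":
    for prefix, (status, peer_net) in compare(OURS, PEER).items():
        print(f"{prefix:18} {status:20} {peer_net or '-'}")
```

Any result other than `match` is the kind of suffix mismatch the replies above suggest checking with the far side.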