Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Daily and Weekly VPN Drops But Probably Caused by Remote Device

MarcW
Here to help
a week ago
a week ago

Daily and Weekly VPN Drops But Probably Caused by Remote Device

I have 10 MX's that all talk to the same remote device.  Many mornings, I will lose some of my site to site VPN connections to the non-Meraki peer. 

 

What can I change/ extend such that the MX's will keep trying longer to maintain the connection even if it is the remote device dropping it?  Usually, a power cycle on either end reestablishes the connection. 

 

 

Labels:
0 Kudos
Subscribe
9 Replies 9
Tony-Sydney-AU
Meraki Employee
Meraki Employee
a week ago
a week ago

Hi @MarcW ,

 

Sounds like your non-Meraki peer is turning the tunnels off due to no activity.

 

Meraki devices send special DPD vpn packets to keep the tunnels alive when there's no traffic. However, not all VPN peers reply to DPD.

 

Therefore, the best way to keep site-to-site tunnels UP is generating interesting traffic - e.g.: a continuous ping from a host inside a local subnet into a destination at the other side.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
Subscribe
RaphaelL
Kind of a big deal
Kind of a big deal
a week ago
a week ago

Hi ,

 

This is the 3rd time I'm seeing this. MarcW , Myself and https://community.meraki.com/t5/Security-SD-WAN/Traffic-not-getting-initiated-from-IKEv1-and-IKEv2-f...

 

Are you running MX 18.2 by any chances ?

Subscribe
In response to RaphaelL
MarcW
Here to help
Tuesday
Tuesday

4 of the 5 are due for the update.  Coordinating that change with my local admin as we speak. 

 

What we saw were UPLINK notices almost daily for a mix of MXs.  When I started looking for events, there were no fails.  When I called the local admin, he said he'd been using the reboot as a workaround to address the issue.  I was relieved that the MXs weren't "failing" several times a week - lol - but I had to then change my approach after identifying the real issue. 

 

After I update the firmware, we'll see if there are any latency/ packet drop accommodating settings to implement. 

0 Kudos
Subscribe
cmr
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

How about putting an MX at the other end? 😉

0 Kudos
Subscribe
In response to cmr
MarcW
Here to help
Tuesday
Tuesday

🙂 if only they were our direct client. 

Subscribe
MarcW
Here to help
Thursday
Thursday

Firmware updated - no joy

Continuous ping - no joy

 

At this point, with the same behavior across 8+ site to site connections to a single destination, dropping the same way (and possibly same happening to other businesses) and needing reboots every other day or so, I am going to conclude it is them, not us.  Thanks!!

0 Kudos
Subscribe
In response to MarcW
RaphaelL
Kind of a big deal
Kind of a big deal
Thursday
Thursday

What version were you running prior to the upgrade ?

0 Kudos
Subscribe
In response to RaphaelL
MarcW
Here to help
Thursday
Thursday

18.211

0 Kudos
Subscribe
In response to MarcW
RaphaelL
Kind of a big deal
Kind of a big deal
Thursday
Thursday

Great. So every one on MX 18.107 or 18.211 seems to be having the same issues. Somehow support doesn't know that it is affecting multiple clients. Curious.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.