Meraki

Community

Daily and Weekly VPN Drops But Probably Caused by Remote Device

MarcW
Here to help
‎Sep 9 2024 2:39 PM
‎Sep 9 2024 2:39 PM

Daily and Weekly VPN Drops But Probably Caused by Remote Device

I have 10 MX's that all talk to the same remote device.  Many mornings, I will lose some of my site to site VPN connections to the non-Meraki peer. 

 

What can I change/ extend such that the MX's will keep trying longer to maintain the connection even if it is the remote device dropping it?  Usually, a power cycle on either end reestablishes the connection. 

 

 

Labels:
0 Kudos
9 Replies 9
Tony-Sydney-AU
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Sep 9 2024 5:29 PM
‎Sep 9 2024 5:29 PM

Hi @MarcW ,

 

Sounds like your non-Meraki peer is turning the tunnels off due to no activity.

 

Meraki devices send special DPD vpn packets to keep the tunnels alive when there's no traffic. However, not all VPN peers reply to DPD.

 

Therefore, the best way to keep site-to-site tunnels UP is generating interesting traffic - e.g.: a continuous ping from a host inside a local subnet into a destination at the other side.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
‎Sep 9 2024 7:28 PM
‎Sep 9 2024 7:28 PM

Hi ,

 

This is the 3rd time I'm seeing this. MarcW , Myself and https://community.meraki.com/t5/Security-SD-WAN/Traffic-not-getting-initiated-from-IKEv1-and-IKEv2-f...

 

Are you running MX 18.2 by any chances ?

In response to RaphaelL
MarcW
Here to help
‎Sep 10 2024 8:59 AM
‎Sep 10 2024 8:59 AM

4 of the 5 are due for the update.  Coordinating that change with my local admin as we speak. 

 

What we saw were UPLINK notices almost daily for a mix of MXs.  When I started looking for events, there were no fails.  When I called the local admin, he said he'd been using the reboot as a workaround to address the issue.  I was relieved that the MXs weren't "failing" several times a week - lol - but I had to then change my approach after identifying the real issue. 

 

After I update the firmware, we'll see if there are any latency/ packet drop accommodating settings to implement. 

0 Kudos
cmr
Kind of a big deal
Kind of a big deal
‎Sep 10 2024 7:19 AM
‎Sep 10 2024 7:19 AM

How about putting an MX at the other end? 😉

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
MarcW
Here to help
‎Sep 10 2024 8:48 AM
‎Sep 10 2024 8:48 AM

🙂 if only they were our direct client. 

MarcW
Here to help
‎Sep 12 2024 9:39 AM
‎Sep 12 2024 9:39 AM

Firmware updated - no joy

Continuous ping - no joy

 

At this point, with the same behavior across 8+ site to site connections to a single destination, dropping the same way (and possibly same happening to other businesses) and needing reboots every other day or so, I am going to conclude it is them, not us.  Thanks!!

0 Kudos
In response to MarcW
RaphaelL
Kind of a big deal
Kind of a big deal
‎Sep 12 2024 9:50 AM
‎Sep 12 2024 9:50 AM

What version were you running prior to the upgrade ?

0 Kudos
In response to RaphaelL
MarcW
Here to help
‎Sep 12 2024 10:12 AM
‎Sep 12 2024 10:12 AM

18.211

0 Kudos
In response to MarcW
RaphaelL
Kind of a big deal
Kind of a big deal
‎Sep 12 2024 10:29 AM
‎Sep 12 2024 10:29 AM

Great. So every one on MX 18.107 or 18.211 seems to be having the same issues. Somehow support doesn't know that it is affecting multiple clients. Curious.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.