Event logs: VPN Tunnel - FIPS mode disabled

Air-Marshal
Comes here often

Event logs: VPN Tunnel - FIPS mode disabled

Hi Team,

 

Would like to inform you that last couple of days VPN connectivity with our spoke site to our Hub sites were down, but yesterday it is came up again, as per checking event logs, we can see there is a msg FIPS mode disabled, after this tunnel connection is showing true (UP), could you please describe what was the issue and how it resolved, and if we receive the similar issue so what T/S steps we have to follow, thanks.

9 Replies 9
alemabrahao
Kind of a big deal
Kind of a big deal

Try this setup.

 

alemabrahao_0-1690393549728.png

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Air-Marshal
Comes here often

Hi Alema,

We are using auto vpn setup for our every sites.

alemabrahao
Kind of a big deal
Kind of a big deal

Refer the documentation.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Meraki_Device_to_Clou...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal
Kind of a big deal

Thats just a informational message. You see it always when you f.e. reboot your device or enable (auto)vpn. It doesnt have anything to do with your root cause.

 

I would advice you to create a meraki support case to help you finding the issue

Air-Marshal
Comes here often

Hi, I already logged the case with Meraki support team they sent this information.

 

AirMarshal_0-1690525664822.png

 

Hello Devendra,

Thank you for that information. It seems that your device is experiencing a rare but known issue that causes the MX68 device to reboot randomly on the firmware version it is currently on.

  • Could you please upgrade the device to MX 18.107.3 and monitor for any more issues?
PhilipDAth
Kind of a big deal
Kind of a big deal

Are you referring to AutoVPN, non-meraki VPN, or client based VPN, or something else?

Air-Marshal
Comes here often

Hi Philip,
This is AutoVPN. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Does the WAN interface in your hub have a private IP address by chance, and is sitting behind a device doing NAT?

 

If so, configure a UDP port forward to the hub and configure AutoVPN to use it, and the problem will never happen again.

PhilipDAth_0-1690578565072.png

 

Air-Marshal
Comes here often

Hi Philip,
I apologize for the late reply.
Our Hub WAN interfaces are having public IP addresses, actually we are having two hubs in active & standby mode, traffic goes from our primary hub and if there is any issue with primary hub traffic moves to secondary hub, all remote sites established VPN tunnel connection with both the Hub's, and for NAT traversal we use Automatic option.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels