Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Event logs: VPN Tunnel - FIPS mode disabled

Air-Marshal
Comes here often
‎Jul 27 2023 5:40 AM
‎Jul 27 2023 5:40 AM

Event logs: VPN Tunnel - FIPS mode disabled

Hi Team,

 

Would like to inform you that last couple of days VPN connectivity with our spoke site to our Hub sites were down, but yesterday it is came up again, as per checking event logs, we can see there is a msg FIPS mode disabled, after this tunnel connection is showing true (UP), could you please describe what was the issue and how it resolved, and if we receive the similar issue so what T/S steps we have to follow, thanks.

0 Kudos
Subscribe
9 Replies 9
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 27 2023 8:05 AM
‎Jul 27 2023 8:05 AM

Try this setup.

 

alemabrahao_0-1690393549728.png

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Air-Marshal
Comes here often
‎Jul 27 2023 11:29 PM
‎Jul 27 2023 11:29 PM

Hi Alema,

We are using auto vpn setup for our every sites.

0 Kudos
Subscribe
In response to Air-Marshal
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 28 2023 4:18 AM
‎Jul 28 2023 4:18 AM

Refer the documentation.

https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Meraki_Device_to_Clou...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
ww
Kind of a big deal
Kind of a big deal
‎Jul 27 2023 10:58 AM
‎Jul 27 2023 10:58 AM

Thats just a informational message. You see it always when you f.e. reboot your device or enable (auto)vpn. It doesnt have anything to do with your root cause.

 

I would advice you to create a meraki support case to help you finding the issue

Subscribe
In response to ww
Air-Marshal
Comes here often
‎Jul 27 2023 11:28 PM
‎Jul 27 2023 11:28 PM

Hi, I already logged the case with Meraki support team they sent this information.

 

AirMarshal_0-1690525664822.png

 

Hello Devendra,

Thank you for that information. It seems that your device is experiencing a rare but known issue that causes the MX68 device to reboot randomly on the firmware version it is currently on.

  • Could you please upgrade the device to MX 18.107.3 and monitor for any more issues?
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 27 2023 2:26 PM
‎Jul 27 2023 2:26 PM

Are you referring to AutoVPN, non-meraki VPN, or client based VPN, or something else?

0 Kudos
Subscribe
In response to PhilipDAth
Air-Marshal
Comes here often
‎Jul 27 2023 11:26 PM
‎Jul 27 2023 11:26 PM

Hi Philip,
This is AutoVPN. 

0 Kudos
Subscribe
In response to Air-Marshal
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 28 2023 2:09 PM
‎Jul 28 2023 2:09 PM

Does the WAN interface in your hub have a private IP address by chance, and is sitting behind a device doing NAT?

 

If so, configure a UDP port forward to the hub and configure AutoVPN to use it, and the problem will never happen again.

PhilipDAth_0-1690578565072.png

 

Subscribe
In response to PhilipDAth
Air-Marshal
Comes here often
‎Nov 17 2023 3:10 AM
‎Nov 17 2023 3:10 AM

Hi Philip,
I apologize for the late reply.
Our Hub WAN interfaces are having public IP addresses, actually we are having two hubs in active & standby mode, traffic goes from our primary hub and if there is any issue with primary hub traffic moves to secondary hub, all remote sites established VPN tunnel connection with both the Hub's, and for NAT traversal we use Automatic option.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.