I'm having an issue with non-Meraki VPN peer connections after I upgraded to 15.42.1 from 14.53.
I was insisted to roll back the firmware after the upgrade. Just want to confirm: is that really the problem? I'm using IKEv1, by the way.
Or in this new firmware do I need to use IKEv2?
Please suggest. Thanks.
You haven't provided enough information to help.
You can use IKEv1 or IKEv2. Both work.
Here are the details.
Cisco Meraki MX67
IKEv version : IKEv1
IP Sec Policies : AWS
Phase 1 Encryption : AES 128
Phase 1 Authentication : SHA1
Phase 1 DH Group : 2
Phase 1 Lifetime : 28800
Phase 2 Encryption : AES 128
Phase 2 Authentication : SHA1
Phase 2 PFS Group : 2
Phase 2 Lifetime : 3600
Pre-shared key : used
IKEv version : IKEv1
Phase 1 IKE Lifetime : 28800
Phase 1 Key Exchange mode : Main
Phase 1 Pre-Shared key : used
Phase 1 Encryption Algorithm : AES_CBC_128
Phase 1 Hash Algorithm : SHA1
Phase 1 DH Group : MODP1024
Phase 2 Encryption Algorithm : AES_CBC_128
Phase 2 Hash Algorithm : SHA1
Phase 2 PFS Group : MODP1024
What is the actual issue? VPN builds and fails, VPN never works, etc?
What do the logs on both ends say?
In Cisco Meraki, I got this log attached below.
For Grandstream GWN7000, I got this log attached below.
At the HQ side, it keeps deleting the SA key. At the branch side, it keeps reconnecting and won't authorize. I suspect that it has something to do with the Meraki settings. It works if I downgrade the Meraki firmware to 14.53. After I upgrade, suddenly it won't connect.
I've just noticed it. Thank you for the help.
But what value do I need to fill in the Remote ID field? There is no local ID in the Grandstream device. I've tried to enter the public IP and FQDN values, but it still won't work.
Any idea?
It’s hard to say if the Grandstream doesn’t have a specific Local ID parameter. It could use its hostname, its IP address (the public one, or the private one), or some other parameter that you configure on the device. Have a look at the ‘non-Meraki VPN peers’ section of this document for some suggestions: https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings
Hey @endrianusgohan! I seem to be experiencing the same issue as you did, but haven't gotten mine to work. Could you provide me with the exact Remote ID config that you used on the MX? For example in my case the peer has public IP 207.16.X.X, and only a single LAN with the peer being 10.1.1.1 (10.1.1.0/24 being the remote subnet I am trying to reach). So in my case would I configure 10.1.1.1 as the Remote ID on the Meraki? Any clarity you can provide would be greatly appreciated!
Hi @RB___ ,
I use the private IP of the ONT modem from the ISP of the remote non-Meraki router.
If your IP is behind the NAT, you can use that private IP address as your Remote ID.
You should try. Hope it works for you too.