IPsec Tunnel to VMware NSXv - Cant seeem to get it to work......

Im trying to setup a IPsec tunnel to a VMware NSXv but it fails.

We have tried IKEv1, IKEv2 but it just fails.


Has anyone ever tried to set this up ?


The config options are very limited in both ends (and the debugging options are horrible on the MX end), so we are kind of at a loss.


We think that it might be because the MX sends the configured nets as 3 packets (one for each net, proxy ID something), as to where the NSX sends one with all nets ?


Im at a loss....




I have never tried with NSXv but I have tried to setup vpn between two mx in different organizations, so had to use 3rd party vpn. 

I had quite a challenge to make it work, until I have found that the Private subnets advertised by Meraki has to be specified exactly as it is configured on the box. 


If you have configured two /24 networks, you should specify in the "Private subnets" the same two networks, you can't supernet them as one /23.


Maybe this helps.


Well that part I kinda knew 🙂


Its just so strange.

We simply cannot get this to work.

Just looking back on your comment around the MX sending the subnets as three packets, and NSX expecting them as one, have you tried just a single subnet?

Yeah, sorry we cant do that in this network at the moment.

Because its already also running a IpSec to Azure (that works just fine 🙂 ).


And lets say that worked, what should we do then ?

I dont really see a workaround 😕, but perhaps Im missing something.


I have tried some packet capture, to see if I could troubleshoot the problem , but all I see is the 6 initial packets back and forth, and then just an information packet. Then it starts over.



