Is there a way to search for/display any networks with a VPN Peer with no connectivity

craig-lantech
Conversationalist

Is there a way to search for/display any networks with a VPN Peer with no connectivity

Back ground is we look after a Meraki Org with over 600 networks in it, mostly spread across 3 templates (plus there are 3 other templates). Security Appliances are connected to a variety of connections as primary WAN - ADSL, VDSL, Fibre, Radio link, and cellular (ADSL, VDSL and Fibre sites have cellular backup - internal SIM - where there is coverage), depending on what is available at site.

 

There are 2 VPN Hubs in different datacenters, and each template points to both Hubs but the order differs between templates.

 

Due to the number of sites, and the types of connections which give frequent issues (old copper in the ground, electric fences, cellular dropouts etc etc) we do not alert on VPN Connectivity changes. If I look at the Hubs VPN Status page it shows networks with full connectivity (green), that when I look at some of those networks VPN Status page, it shows the same Hub Peer as red (no connectivity). So dashboard itself is less than useful for this when it displays contradicting information.

craig-lantech_0-1617859132668.pngcraig-lantech_1-1617859203636.png

 

There are a lot of other network elements in play in the larger picture, but long-story-short - we are looking for a way to search for or display just those Networks where one of the Peers is showing No Connectivity so that the client can investigate their network for why. Does anyone know of an easy way to achieve this? Thanks.

 

 

Regards,
Craig

1 REPLY 1
Bruce
Kind of a big deal

Re: Is there a way to search for/display any networks with a VPN Peer with no connectivity

I think you're going to have to resort to some scripting and using an API call to grab that sort of information. It appears everything you need is available in these two endpoints:

 

/organizations/{organizationId}/appliance/vpn/statuses (https://developer.cisco.com/meraki/api-v1/#!get-organization-appliance-vpn-statuses)

/organizations/{organizationId}/appliance/vpn/stats (https://developer.cisco.com/meraki/api-v1/#!get-organization-appliance-vpn-stats)

 

It'll just need some work to see what changes when a peer goes down (and what doesn't), so you can find and report the issue. My gut feel is that you're going to have to look at the stats for a small timespan to asses with a particular peer is up or down. Although you may get lucky and be able to assess the 'merakiVpnPeers' in the Statuses, depends whether its purely 'reachable' or 'non-reachable', or whether there is an intermediate step, 'impaired'.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.