Issues with comm from client VPN network to non-Meraki s2s peer
Maybe you will have an idea what is wrong with my tunnel?
I have a Meraki vMX in Azure. There is also Client VPN configured with subnet 10.10.10.0/24. All my Azure resources are in the 10.3.0.0/16 subnet. Then I have an IPsec tunnel to a non-Meraki peer (some Cisco ASA). For almost a year all was working fine, then suddenly I lost comm from the client VPN network 10.10.10.0/24 to the remote networks behind this non-Meraki peer. I did not change the config, and neither did the remote side.
The tunnel is up and I have no issues at all with comm from 10.3.0.0/16 to the remote networks. I'm in contact with Meraki support - they are saying "traffic from 10.10.10.0/24 is routed through the tunnel correctly". Support from the remote site is saying "we don't see any traffic from the 10.10.10.0/24 network going towards us through the tunnel and because of that the SA between this network and our network is not building up". Which makes sense, as if they initiate traffic from their subnet to my 10.10.10.0/24 subnet the SA is building up and we have comm for about an hour until it's terminated: "Connection terminated for peer [my public ip]. Reason: IPSec SA Idle Timeout Remote Proxy [remote subnet], Local Proxy 10.10.10.0"
I have a dumb question: are all the needed subnets on the allowed list in each firewall's site-to-site configuration? (You have the Azure subnet 10.3.0.0/16, then your local subnet x.x.x.x and the Client VPN 10.10.10.0/24.) You should have all those IPs allowed on each side so they can accept that traffic.
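A way to do the check the reply suggests, as an added example that is not from the thread: model each peer's Phase 2 traffic selectors (proxy IDs) as (local, remote) pairs and verify that every subnet pair that must work is covered on both sides, mirrored from the remote peer's point of view. The remote subnet 192.168.50.0/24 is a constructed placeholder; the thread does not name it.

```python
"""Check that every subnet that must traverse a site-to-site IPsec tunnel
has a matching Phase 2 traffic selector on BOTH peers.

Constructed scenario: the Meraki side lists the Client VPN subnet, but the
ASA side's crypto ACL only covers 10.3.0.0/16. Because 10.10.10.0/24 is not
inside 10.3.0.0/16, the remote peer never builds an SA for it.
"""
import ipaddress

Net = ipaddress.IPv4Network


def _covered(local, remote, selectors):
    """True if some (local, remote) selector contains both networks."""
    return any(local.subnet_of(Net(l)) and remote.subnet_of(Net(r))
               for l, r in selectors)


def check_selectors(required, side_a, side_b):
    """required: (local, remote) pairs that must work, seen from side A.
    side_a: side A's selectors as (local, remote).
    side_b: side B's selectors as (local, remote) from B's own view.
    Returns a list of ((local, remote), side) findings; empty means OK."""
    findings = []
    for local, remote in required:
        l, r = Net(local), Net(remote)
        if not _covered(l, r, side_a):
            findings.append(((local, remote), "A"))
        # Side B sees the pair mirrored: its local is our remote.
        if not _covered(r, l, side_b):
            findings.append(((local, remote), "B"))
    return findings


# Constructed sample data (placeholder remote subnet, not from the thread).
REMOTE = "192.168.50.0/24"
REQUIRED = [("10.3.0.0/16", REMOTE), ("10.10.10.0/24", REMOTE)]
MERAKI_SELECTORS = [("10.3.0.0/16", REMOTE), ("10.10.10.0/24", REMOTE)]
ASA_SELECTORS = [(REMOTE, "10.3.0.0/16")]          # Client VPN subnet missing
ASA_SELECTORS_FIXED = ASA_SELECTORS + [(REMOTE, "10.10.10.0/24")]

if __name__ == "__main__":
    for pair, side in check_selectors(REQUIRED, MERAKI_SELECTORS, ASA_SELECTORS):
        print(f"{pair[0]} <-> {pair[1]} has no selector on side {side}")
```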