I have 3 MX boxes each of them are MX450, MX250 and MX84. I have successfully peered site to site vpn with all boxes where MX450 and MX250 act as hub and MX84 as spoke.
Lan to Lan communication between MX250 and MX84 have no issues where both ends station communicate with eachother. However stations behind MX250 and MX84 fails to connect to stations behind MX450.
I can see packets received and sent by stations behind MX450 but failed to connect. I suspect MX450 is blocking from somewhere but didnt find any clue. Upgraded firmware to latest stable release too.
Stations behind MX250 and MX84 can ping to the LAN interface IP of MX450 though but not to the it's lan stations.
Need idea to troubleshoot the issue.
Solved! Go to Solution.
Is the subnet, in which the MX450's stations are, included in the AutoVPN? In other words, is the dropdown menu set to yes:
Do you have any site-to-site firewall rules configured that might be blocking the traffic:
Do the devices in the MX450 subnet have the MX450 address as default gateway? Can they ping the MX450?
Yes the drop down is selected as yes.
Like i said before, vpn between mx250 and mx84 have no issues. but both of these mx peers with mx450 with routes advertised through vpn. but just lan to lan is not happening.
Good to hear you solved it! I'm sorry, I must have misunderstood your question. I was under the impression that communication between the MX84 and the MX250 subnets worked but with the MX450 subnet didn't work. So I was listing the things that might cause that kind of behavior.