LAN to LAN failed in site to site vpn

SOLVED
Getting noticed

I have 3 MX boxes: an MX450, an MX250 and an MX84. I have successfully peered site-to-site VPN with all boxes, where the MX450 and MX250 act as hubs and the MX84 as a spoke.

LAN-to-LAN communication between the MX250 and MX84 has no issues; stations at both ends communicate with each other. However, stations behind the MX250 and MX84 fail to connect to stations behind the MX450.

I can see packets received and sent by stations behind the MX450, but they fail to connect. I suspect the MX450 is blocking somewhere but didn't find any clue. Upgraded firmware to the latest stable release too.

Stations behind the MX250 and MX84 can ping the LAN interface IP of the MX450, though, but not its LAN stations.
I need ideas to troubleshoot the issue.

1 ACCEPTED SOLUTION

Getting noticed

Re: LAN to LAN failed in site to site vpn

I found the solution. There was a splash page enabled on that LAN VLAN that restricted its reachability. After disabling the splash page, the connection is successful.

5 REPLIES 5
Kind of a big deal

Re: LAN to LAN failed in site to site vpn

Is the subnet, in which the MX450's stations are, included in the AutoVPN? In other words, is the dropdown menu set to yes:

[Screenshot: VPN Configuration - Meraki Dashboard]

Do you have any site-to-site firewall rules configured that might be blocking the traffic:

[Screenshot: VPN Configuration - Meraki Dashboard]

Do the devices in the MX450 subnet have the MX450 address as default gateway? Can they ping the MX450?

Getting noticed

Re: LAN to LAN failed in site to site vpn

Yes, the dropdown is set to yes.

Like I said before, the VPN between the MX250 and MX84 has no issues. Both of these MXs peer with the MX450, with routes advertised through the VPN, but LAN to LAN is just not happening.

Kind of a big deal

Re: LAN to LAN failed in site to site vpn

Good to hear you solved it! I'm sorry, I must have misunderstood your question. I was under the impression that communication between the MX84 and the MX250 subnets worked but with the MX450 subnet didn't work. So I was listing the things that might cause that kind of behavior.

Getting noticed

Re: LAN to LAN failed in site to site vpn

No issues. Sometimes we are unable to explain as well as understand things.
