LAN to LAN failed in site to site vpn

Solved
KMNEP
Getting noticed

LAN to LAN failed in site to site vpn

I have 3 MX boxes each of them are MX450, MX250 and MX84. I have successfully peered site to site vpn with all boxes where MX450 and MX250 act as hub and MX84 as spoke. 

 

Lan to Lan communication between MX250 and MX84 have no issues where both ends station communicate with eachother. However stations behind MX250 and MX84 fails to connect to stations behind MX450. 

I can see packets received and sent by stations behind MX450 but failed to connect. I suspect MX450 is blocking from somewhere but didnt find any clue. Upgraded firmware to latest stable release too. 

Stations behind MX250 and MX84 can ping to the LAN interface IP of MX450 though but not to the it's lan stations. 
Need idea to troubleshoot the issue.

1 Accepted Solution
KMNEP
Getting noticed

I found the solution. There was splash page enabled on that lan vlan that restricted it's reachability. after disabling splash page. the connection is successful.

View solution in original post

5 Replies 5
BrechtSchamp
Kind of a big deal

Is the subnet, in which the MX450's stations are, included in the AutoVPN? In other words, is the dropdown menu set to yes:

2019-02-21 14_47_54-VPN Configuration - Meraki Dashboard.png

 

Do you have any site-to-site firewall rules configured that might be blocking the traffic:

2019-02-21 14_50_39-VPN Configuration - Meraki Dashboard.png

 

Do the devices in the MX450 subnet have the MX450 address as default gateway? Can they ping the MX450?

KMNEP
Getting noticed

Yes the drop down is selected as yes. 

 

Like i said before, vpn between mx250 and mx84 have no issues. but both of these mx peers with mx450 with routes advertised through vpn. but just lan to lan is not happening.

KMNEP
Getting noticed

I found the solution. There was splash page enabled on that lan vlan that restricted it's reachability. after disabling splash page. the connection is successful.

BrechtSchamp
Kind of a big deal

Good to hear you solved it! I'm sorry, I must have misunderstood your question. I was under the impression that communication between the MX84 and the MX250 subnets worked but with the MX450 subnet didn't work. So I was listing the things that might cause that kind of behavior.

KMNEP
Getting noticed

No issues. Sometimes we are unable to explain as well as understand the things. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels