Local routes are not being exchanged through Site to Site VPN

Sachin

Local routes are not being exchanged through Site to Site VPN (Hub/Spoke) topology. We are using a Huawei 5G router for Internet connectivity at both sides for the MX67. Please let me know what needs to be done to communicate the local routes with each other.

JasonCampbell

The route must be present on your MX67 and then you need to go to Security & SD-WAN -> Site-to-Site VPN, select "Yes" for "Use VPN" for the given route.
SoCalRacer

1) Security & SD-WAN -> VPN Status and verify the VPN is connected.

2) Security & SD-WAN -> Appliance Status -> Tools -> Ping (Ping the local device from the local MX)

3) Security & SD-WAN -> Appliance Status -> Tools -> Ping (Ping the remote device from the local MX)

Just checked the VPN Status; it is showing VPN registry disconnected. How can I fix it? Do I need to make any changes, like an ACL on the 4G Internet router, to allow the UDP 9350 traffic?

Note: Using a 4G Huawei router for Internet connectivity

SoCalRacer

Yes, you will need port 9350.

Just see the below link for some help. Do you see anything in the logs?

https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Aut...

Just checked, VPN is up but local routes are not being exchanged. Any idea why?

Just checked, able to ping the local devices but unable to ping the peer IP of the remote site, and vice versa.

SoCalRacer

Just to check, did you try this?

Security & SD-WAN -> Configure -> Site-to-Site VPN -> VPN Settings -> Local networks -> Use VPN is marked Yes

Also, are you able to ping from MX to MX? Can you ping from a device to the remote MX?

Checked, VPN is marked Yes but unable to ping MX to MX devices.
