Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX-105 > ASA > Sierra Wireless RV50x s2s

cavementech1
Comes here often
‎Mar 20 2024 2:47 PM
‎Mar 20 2024 2:47 PM

MX-105 > ASA > Sierra Wireless RV50x s2s

I need help...and Thank you in advance!!

 

I am setting up a MX-105 but temporarily the MX is required to sit behind an ASA 5508 until I get all the VPN tunnels currently routing to a MikroTik moved to the MX to Non-Meraki VPN. This is due to only having 1 Public IP and management not allowing the small fee to purchase an additional IP from our ISP. Just working with what I have...

 

I am struggling to get the MX-105 to either route through the ASA or I can't get the MX Non-Meraki VPN settings correct. The tunnel will be terminating on a Sierra Wireless RV50x modem. I also have a few Mikrotik routers that I have that to swap the tunnels as well.

 

I am not getting any failures on the Meraki Event log. On the RV50x log only shows:

 

Mar 20 21:39:56 err ALEOS_VPN_SwanMgr: establishing CHILD_SA 'tunnel2' failed
Mar 20 21:39:56 info ALEOS_VPN_SwanMgr: tunnel2 will be restarted

 

I've tried with no Local ID or Remote ID, tried with one or the other. I feel that the issue is within the ASA but I am a noob when it comes to ASA's. I've just never had to deal with them before. They were configured and managed by someone else. I am very well versed on Meraki SD-WAN and RV50's.

 

What I have so far is: (All IP's are changed for obvious reasons)

MX internal IP: 172.1.1.2

MX public IP: 180.95.150.130

MX vlan/subnet: 10.20.30.0/24

 

cavementech1_0-1710970707043.png

cavementech1_3-1710970860330.png

 

 

ASA MX interface: 172.1.1.1

ASA public IP: 180.95.150.130

 

RV50 internal IP: 172.2.2.2

RV50 public IP: 60.225.50.45

 

cavementech1_1-1710970784019.png

cavementech1_2-1710970834154.png

 

 

Labels:
0 Kudos
Subscribe
4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 20 2024 2:53 PM
‎Mar 20 2024 2:53 PM

I think that it will not work.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
cavementech1
Comes here often
‎Mar 20 2024 5:12 PM
‎Mar 20 2024 5:12 PM

The tunnel is not working for sure. But what do you when you say it won't work? Will not work at all or the screen shot info won't work? 

 

Do you have any suggestions? 

0 Kudos
Subscribe
In response to cavementech1
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 20 2024 5:44 PM
‎Mar 20 2024 5:44 PM

Because from what I understand you already have a VPN using this IP with the same peer, so I believe it won't work even behind a NAT.

 

I could be mistaken, so I would open a support case instead.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
cavementech1
Comes here often
‎Mar 20 2024 6:57 PM
‎Mar 20 2024 6:57 PM

Oh, I see what you are saying now.

 

The tunnels are not going through this ASA or MX currently. They all route through a different ISP. I'm consolidating and trying to make this closer to standard than what I've walked into.

 

The ASA just can't be removed until I get the MX 100% ready and tested. 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.