MX ikev2

pp
Here to help

MX ikev2

Anyone running MX version (latest looks like 15.42) with ikev2 support and ikev2 tunnels want to comment on the feature and particularly stability? We are thinking of upgrading for the feature. 

8 Replies 8
CptnCrnch
Kind of a big deal
Kind of a big deal

Running 15.x for roundabout over a year now without issues. Currently running an IKEv2 tunnel to Umbrella SIG running stable for the last few weeks now.

PhilipDAth
Kind of a big deal
Kind of a big deal

We've been using 15.x for a long time.  No issues.

 

We aren't using IKEv2 at the moment, but when we last tested it the system only would work for a single subnet behind the MX.  You couldn't include multiple VLANs in the IKEv2 VPN.  Sure you could configure it - but it only worked for a single subnet.


@CptnCrnch do you know if this has changed?

CptnCrnch
Kind of a big deal
Kind of a big deal

Good to know @PhilipDAth! I'm having the same issue with my connection to Umbrella.

My technical contact (regarding Umbrella) told me it's "all or nothing" but I didn't have the chance to test if switching every single subnet to that VPN really works.

pp
Here to help

Thanks. Upgraded last night and it looks good so far.

nsingh
Here to help

I am specifically posting my experience with Meraki Support and Meraki latest "Stable" release 15.42.1 

 

I upgraded our "X network" MX box on this sunday at 4.30pm PST.

 

To start with, it's been a very poor code quality since Meraki released 15.42 and 15.42.1.

Taking some packet captures, revealed that there is connectivity and routing issues between Site-to-Site Meraki peers, so while on one location client VPN, you cannot access the resources of the another location, there are intermittent packet loss.

Since the same day we started experiencing the connectivity issues in our Client VPN. These are the behaviours.

1). I connect to our "X network" client VPN on Meraki. Connects fine. Then within one minute the VPN disconnects automatically with no error message nothing.

2). I connect to our "X network" client VPN. Connects fine. No internet works on the VPN, internal and external. I can see packets going out, but no return traffic.

3). I connect to our "X network" client VPN. Connects fine. Internal traffic does not work, external traffic works.

4). I try to connect to our "X network" client VPN. It gives me Authentication failed for the same exact credentials that are saved in my VPN profile which was previously authenticating without any issues.

 

I have downgraded the "X network" MX box on 14.53, and now everything works fine. This happened on both 15.42 and 15.42.1.

 

Here is a sneak peak of other blogs of users facing similar issues - https://www.reddit.com/r/meraki/comments/n5hygl/mx_15421_breaks_routing_somehow/

 

Last but not the least - I have been on support hotline for about 40 Mins now, but no takers of my call. Kudos!

Harry_P
New here

Same experience here as well. Meraki tech support is getting worse these days. You open a case, they ask you to call the support, and then if we wait for 30 to 45 mins to get someone, they complain about high call volume.

cmr
Kind of a big deal
Kind of a big deal

@nsingh I'd heard that only 15.42.1 onwards have the packet loss issue.  Our concentrators are still on 15.42 without an issue as I heard the stories before having time to upgrade.

 

We have an HA pair of MX250s in VPN concentrator mode, what are the models you are having issues with and what mose are they setup in?

 

Our other MXs are all in routed mode and running 15.43, 16.11 and 16.12 without a packet loss issue.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
cmr
Kind of a big deal
Kind of a big deal

@nsingh apologies I just realised you're referring to client VPN that we don't use, sorry!

If my answer solves your problem please click Accept as Solution so others can benefit from it.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels