cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX84 Can't create inbound VPN policy.

New here

MX84 Can't create inbound VPN policy.

when I create policy of VPN tunnel. It will missing after save.

5 REPLIES 5
Getting noticed

Re: MX84 Can't create inbound VPN policy.

How strange.......I literally just experienced this issue but on a MX250. Then your email came through from the community forum. I made the vpn rules inbound and outbound they seemed to apply OK, however when I navigate elsewhere then back to the VPN config the inbound rules have disappeared. Outbound rules are ok, they remain. Running latest stable MX 14.39

 

So I'm in the same boat as you.

 

New here

Re: MX84 Can't create inbound VPN policy.

And then what is the solution for this problem?

 

Highlighted
Getting noticed

Re: MX84 Can't create inbound VPN policy.

I raised a case, see attached pic. It's a cosmetic issue, meaning the inbound vpn rules shouldn't be there at all. At least until they fix it. The pic is a extract from a document supplied to me by the TAC. I did notice (just now) a ! hover which states this but its much more discrete than the pic. Have asked for a ETA on fix.

Wish the problem was inversed though, would much rather limiting inbound initiated coms from a semi-trusted VPN peer.

 

Cheers

 

inbound_vpn_fw.PNG

Kind of a big deal

Re: MX84 Can't create inbound VPN policy.

I'm always surprised that the inbound site-to-site rules continue to show up. Hasn't this bug been chilling out for months now? It's very confusing.

Getting noticed

Re: MX84 Can't create inbound VPN policy.

Tell me about it, I have never had to use them before until now.

 

This limitation means that I'll need to propose a different solution for this VPN setup.

 

So it looks like the MX's are no good for setting up multiple VPN peers for different 3rd parties who each need to "initiate" access to unique specific resources on the LAN side of the MX with security in mind.

 

Cheers

 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.