MX84 just stops passing traffic across P2P VPN.

Lee_C
Comes here often


MX84 just stops passing traffic across P2P VPN. Sometimes only particular VLANs. The other end is a Cisco ASA 5510 v8.2.

The MX84 is on the list to be replaced under the "Clock signal component issue", but no date has been assigned. MX84 has been in use for over 18 months.

PhilipDAth
Kind of a big deal

That ASA is very very old. Can it take newer code?
Lee_C
Comes here often

The ASA will not support newer code. It is scheduled to be replaced this quarter. 

MerakiDave
Meraki Employee

Have you received your Dashboard banner or email that your MX84 is ready for RMA yet? Or you saw that and there's no date assigned or action required yet? The "clock signal component issue" has about a 1% failure rate after 18 months of operation, and the intention was to replace most/all units before (or not far past) that 18-month window. In the upper right of your Dashboard screen you can go to Help > Hardware Replacements, if you haven't seen that page already.

Beyond that, see if there's anything obvious when looking over the Security Appliance > VPN Status page. Also see if anything jumps out in the Event Log: select "for security appliances", start typing "VPN" into the event type box and select VPN connectivity and/or registry changes, see if any of the timestamps line up with event logs from other appliances losing their connectivity for some reason, and correlate that with their Appliance Status pages; look at their Uplink tab and look at the latency/loss graphs, for example.

If nothing becomes apparent, go ahead and open a case with Meraki Support.  Good you are working on upgrading, v8.2 is pretty out of date and has vulnerabilities, and there are known issues with 8.2 and premature VPN tunnel teardowns as mentioned in the support docs.  Hope that helps!

@Lee_C you are probably better to ask the question in the Cisco Support forums, rather than the Meraki forums.

supportforums.cisco.com

You are going to need to compare the settings on the ASA, and then probably do a VPN debug to determine the issue.
