Non-Meraki VPN problems with Fortigate

Solved
Nandoneves
Here to help


Hi guys.


Firewall MX MX67 - version 18.211.3

Firewall Fortigate


I'm having trouble solving a disconnection problem on a non-Meraki site-to-site VPN with a Fortigate. The Fortigate is located inside Azure.


The phase 1 and phase 2 configurations are correct on both sides. On the Meraki side, I see an event log showing only connections being reestablished.


On the Fortigate side, I can see errors in phase 1: "Payload malformed".
I'm using IKEv1, and the subnets are being advertised on both sides of the peers.
The problem started occurring a few days ago.


Another observation, I see the tunnel down on the Meraki dash, but on the Fortigate the VPN shows UP.
Has anyone else experienced the same difficulty?


1 Accepted Solution
BrentB
Here to help

Try IKEv2? We were having similar issues with a connection into AWS, and it came down to one side being route based and the other policy based. I think the Meraki is policy based when on IKEv1, but it will use route based with IKEv2. I would have to go back and find the doc. We switched to IKEv2 and the link popped right up.

8 Replies

Nandoneves
Here to help

Hi BrentB.


I removed the VPN and created it again, but it didn't work.
I changed the mode to IKEv2 and it was up and running.
We're still monitoring it and it's still stable.
Thank you.

alemabrahao
Kind of a big deal

Have you had any changes to your network recently, such as a firmware update for example?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

PhilipDAth
Kind of a big deal

I agree with @alemabrahao, check for recent firmware updates on the Meraki.


Nandoneves
Here to help

Hi Alemabrahao.

No updates or changes to the environment.

Erminio
Here to help

Hi,


I also encountered some problems creating an IPsec tunnel between a FG and an MX.

The solution for me was to make the Remote ID on the MX side and the Local ID on the FG side the same.

After that, everything has worked fine since then.

Regards, Erminio

Nandoneves
Here to help

Hi Erminio.

I'm also having trouble configuring a non-Meraki VPN between the MX and the Fortigate.

The peer configuration is pointing to the Remote ID on the MX and the Local ID on the Fortigate. I noticed that in IKEv2 mode it remained stable.

In IKEv1 mode I could see many errors in phase 1.
Thank you for sharing your suggestion.

Nandoneves
Here to help

Morning, guys.

After changing to IKEv2, I see many non-Meraki VPN entries in the event logs.

I verified the uplinks on the MX firewall: no latency, no drops on the links, nothing logged.

Any recommended changes to the peer settings?
Thank you.
