Non-Meraki Peer VPN Breaks After Making a Change

Twitch
Building a reputation

Non-Meraki Peer VPN Breaks After Making a Change

Hello to the Crew - question for you:

 

We have a non-Meraki Peer VPN between our office and our parent company. While the VPN terminates MX to MX, right now we are different organizations so the tunnel has to be a non-Meraki peer setup.

 

As long as we don't make any changes to the subnets configured on both ends, the VPN works great. If, however, if we add or remove a remote private subnet from either end of the config, the VPN quits working. The only way to restore functionality is to completely rip-out the config on both ends and put it back.

 

It seems like IPSec gets hosed and the traffic just stops transiting the VPN once a change is made. Naturally, recreating the tunnels on both ends reestablishes IPSec and the tunnel works fine once again after that.

 

Has anyone else seem a similar behavior? Is there a fix or workaround? I am not aware of any way to "pause" the VPN, make the required changes, and then start it up again.

 

Thanks!

 

Twitch

2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal

If you put a tag on your network, then you can pause or stop the VPN by changing the tag on the non-Meraki VPN to "none", and then putting it back to the tag on your network.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Peer_availability 

This is brilliant! Thanks for that idea!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels