Non Meraki VPN Peer (Closing Child_SA)

Getting noticed

Non Meraki VPN Peer (Closing Child_SA)



I've non meraki vpn peers connected to branch non meraki device VPN. 


Sometimes I can't ping remote IP. When I checked the logs it said : 

msg: <remote-peer-2|190> closing CHILD_SA net-2-1{1973} with SPIs ccf831e8(inbound) (312 bytes) 49631dcf(outbound) (0 bytes) and TS ip_local === ip_remote


ip_local = my corporate ip subnet, eg.

ip_remote = my branch subnet, e.g.


As the result, I can't ping to any ip subnet under 


What happened ? Is this because my router is behind the NAT or it had to do with the internet connection ?

Kind of a big deal

"closing CHILD_SA" means the VPN is being terminated.  You would need to look above that for a possible reason.


I have the same problem. check the logs and the following is displayed:


2 de mayo 22:59:51 Negociación VPN no Meraki/clientemsg: <remote-peer-2|224> cerrando CHILD_SA net-2-2{766} con SPI cca577a3 (entrante) (0 bytes) f114c4b8 (saliente) (0 bytes) y TS === 10.99 .24.0/25
2 de mayo 22:58:23 Negociación VPN no Meraki/clientemsg: <remote-peer-2|224> cerrando CHILD_SA net-2-3{765} con SPI c7cfc2c2(entrante) (709463 bytes) f114c3ff(saliente) (648993 bytes) y TS === 10.99 .24.0/25


There are 2 WANs. when it goes down I have to turn VPN mode off and on.
I need to know how to solve this problem.

The firewall at the other end is a Fortinet.


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.