Non Meraki VPN Peer (Closing Child_SA)

endrianusgohan
Getting noticed

Non Meraki VPN Peer (Closing Child_SA)

Hi, 

 

I've non meraki vpn peers connected to branch non meraki device VPN. 

 

Sometimes I can't ping remote IP. When I checked the logs it said : 

msg: <remote-peer-2|190> closing CHILD_SA net-2-1{1973} with SPIs ccf831e8(inbound) (312 bytes) 49631dcf(outbound) (0 bytes) and TS ip_local === ip_remote

 

ip_local = my corporate ip subnet, eg. 10.10.2.0/23

ip_remote = my branch subnet, e.g. 10.10.16.0/20

 

As the result, I can't ping to any ip subnet under 10.10.16.0/20. 

 

What happened ? Is this because my router is behind the NAT or it had to do with the internet connection ?

1 REPLY 1
PhilipDAth
Kind of a big deal

"closing CHILD_SA" means the VPN is being terminated.  You would need to look above that for a possible reason.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels