Non-Meraki VPN - Stay Connected

ZDonaldson

Hey All,

I have a non-Meraki VPN tunnel to a Sophos device. The tunnel is being disconnected periodically and not reconnecting. The logs on the Sophos unit indicate that the Meraki side is terminating the tunnel.

What settings should I be looking at to ensure this tunnel stays up all the time?

Zane D - IT Manager in Sin City NV
alemabrahao
Kind of a big deal

How is the Lifetime of phases 1 and 2 configured?

I suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

When there is a mismatch, the most common result is that the VPN stops functioning when one site's lifetime expires. The tunnel does not completely rebuild until either the site with an expired lifetime attempts to rebuild, or the longer lifetime fully expires.

Remote Site has Shorter Lifetime(s)

In this situation, the local site will still be sending IPsec datagrams towards the remote peer while the remote peer does not have an active association. In most cases, the tunnel will rebuild when the remote site attempts to rebuild the tunnel (prompted by sending interesting traffic toward the VPN route from the remote peer).

Local Site has Shorter Lifetime(s)

In this situation, the remote peer will still be sending IPsec datagrams towards the local site after the lifetime expires. As the inverse of the above, this will typically rebuild when traffic destined for the remote peer's subnets causes the local site to start a new IKE negotiation.

https://documentation.meraki.com/MX/Site-to-site_VPN/IPsec_VPN_Lifetimes

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
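
The two mismatch cases described in the reply above, worked through as an added example (not part of the original thread or of Meraki's documentation). It is a simplified model: the lifetimes and traffic times are constructed values, and the assumptions are that a peer discards its SA at expiry without rekeying or notifying the other side, and renegotiates only when it has traffic to send.

```python
from dataclasses import dataclass, field

@dataclass
class Peer:
    name: str
    lifetime: int                                  # SA lifetime in seconds
    sends_at: list = field(default_factory=list)   # times this peer has tunnel traffic

def mismatch_outage(local, remote):
    """Model the outage caused by mismatched lifetimes.

    Assumptions (simplified, not vendor behaviour): both SAs start at t=0,
    a peer drops its SA when its own lifetime expires, and a peer starts a
    new negotiation only when it has no SA and has traffic to send.
    Returns None if the lifetimes match, else a dict describing the outage.
    """
    if local.lifetime == remote.lifetime:
        return None
    short, long_ = sorted((local, remote), key=lambda p: p.lifetime)
    start = short.lifetime              # shorter side drops its SA here
    rebuilds = []
    # Each side can trigger a rebuild with its first traffic after its own expiry.
    for peer in (short, long_):
        t = min((s for s in peer.sends_at if s >= peer.lifetime), default=None)
        if t is not None:
            rebuilds.append((t, peer.name))
    end, by = min(rebuilds) if rebuilds else (None, None)
    # Until the rebuild, the longer-lifetime side sends into a stale SA.
    dropped = [s for s in long_.sends_at
               if s >= start and (end is None or s < end)]
    return {"start": start, "end": end, "rebuilt_by": by,
            "dropped_sends": len(dropped)}

def scenario(remote_sends):
    # Constructed values: local lifetime 28800 s, remote 3600 s,
    # local sends every 600 s, remote sends only at the given times.
    local = Peer("local", 28800, list(range(0, 40000, 600)))
    remote = Peer("remote", 3600, remote_sends)
    return mismatch_outage(local, remote)

if __name__ == "__main__":
    print("remote never initiates:", scenario([]))
    print("remote sends at t=5000:", scenario([5000]))
```

With a remote peer that never originates traffic, the outage in this model lasts from the shorter expiry until the longer lifetime runs out; a single packet from the remote side ends it early.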
cmr
Kind of a big deal

Which is the initiator, the Sophos or the Meraki? I found Sophos work better as the initiator where there is a temperamental internet connection.

Brash
Kind of a big deal

I'm not sure of the expected behaviour on the Meraki side, but I know, having implemented IPsec tunnels between Azure and Sophos, that the tunnel will drop when there's no traffic going across it for a period of time.
The tunnel is rebuilt as soon as packets need to cross it.

Sophos XG to Azure VPN drops randomly - Discussions - Sophos Firewall - Sophos Community
