Hi Guys,
We run a private cloud where our core networking is Juniper based. A lot of our clients have Meraki devices as their routers within their offices. We run IPsec VPN tunnels to deliver printers to their virtual desktops.
A few months ago all of our Meraki endpoints started to stop passing traffic over the tunnel at random times.
They sometimes work for days and then fall over. We currently have our service desk monitoring the printers across the VPN and when ping fails, we manually clear the tunnel on the Juniper and everything starts working straight away.
I've tried calling support from Juniper and Meraki and I'm getting nowhere. Juniper have at least tried to help debug, but they're not getting much information and mentioned DPD, for which there is nothing we can change on the Meraki.
I was seeing some NAT payload errors, so I tried to disable NAT-T on the Juniper even though this VPN is not NATed. I have tried disabling anti-replay protection on the Juniper as someone mentioned that in the forums.
I thought I made some progress after these changes but it went down again after about 5 days.
The Meraki logged this in the event log around that time.
Oct 11 04:30:08
Non-Meraki / Client VPN negotiation
msg: packet shorter than isakmp header size (0, 84, 28)
Oct 11 04:28:27
Non-Meraki / Client VPN negotiation
msg: packet shorter than isakmp header size (0, 0, 28)
msg: the length in the isakmp header is too big.
Whenever I speak with Meraki support they say there is a mismatch in Phase 1, but that's not the case.
Is there a beta firmware we could try, or can we escalate to somebody more helpful than we've had so far?
Thanks,
Matt