Meraki

Community

SD-WAN All tunnels not established

Solved
msosa
Getting noticed
‎Jan 29 2019 10:46 AM
‎Jan 29 2019 10:46 AM

SD-WAN All tunnels not established

   Hello, I´m testing a SD-WAN network with a customer, the scenario is:

 

HQ: MX84 as VPN Concentrator one-armed (behind a Fw)

Branch1: MX64 with 2 Internet connections (behind a Fw)

Branch2: MX64 with 2 Internet connections

Full Mesh required.

 

   I configured the auto-VPN for the devices, and it started to work fine, HQ has 2 tunnels to each branch, but when I see the connection between the branches, I expected to see 4 tunnels, but there is only working 2,  the Branch2 Wan1 are not establishing the VPN tunnels to Branch 1 Wan1 and Wan2:

Screen Shot 2019-01-29 at 1.39.08 PM.png

 

 

I though it could be a problem with the Internet 1, but it is working well, and as I say before, the tunnels to the HQ are working, Wan1 and Wan2 from my branch device:

Screen Shot 2019-01-29 at 1.39.29 PM.png

 

A summary of the VPN Tunnels status:

 

HQ - Branch1 Wan1 : OK

HQ - Branch1 Wan2 : OK

HQ - Branch2 Wan1 : OK

HQ - Branch12Wan2 : OK

Branch1 Wan1 - Branch 2 Wan 1: Fail

Branch1 Wan1 - Branch 2 Wan 2: Ok

Branch1 Wan2 - Branch 2 Wan 1: Fail

Branch1 Wan2 - Branch 2 Wan 2: Ok

 

    Can somebody give me an advise what could be the reason? or how to troubleshooting it?

 

Thanks in advance!

Mauricio

 

 

 

0 Kudos
1 Accepted Solution
In response to msosa
msosa
Getting noticed
‎Jan 30 2019 6:56 AM
‎Jan 30 2019 6:56 AM

UPDATE: I moved the MX to the front of the firewall and it worked ok, certainly it was doing something strange but I´m sure it was not blocking anything.. and the funny thing is that the tunnels worked some times.. anyway it is ok now, thank you all for your comments!

View solution in original post

0 Kudos
5 Replies 5
NolanHerring
Kind of a big deal
‎Jan 29 2019 12:23 PM
‎Jan 29 2019 12:23 PM

You mentioned this:

 
Branch1: MX64 with 2 Internet connections (behind a FW)
 
I can't help but to think that this FW might be causing an issue, again not certain though.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
msosa
Getting noticed
‎Jan 29 2019 1:05 PM
‎Jan 29 2019 1:05 PM

thank you for your answer! I don´t think the firewall is the cause, because as you could see, I have VPN tunnels running on the same interfaces.
0 Kudos
In response to msosa
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 30 2019 1:08 AM
‎Jan 30 2019 1:08 AM

Have you got all the sites configured as hubs?

0 Kudos
In response to PhilipDAth
msosa
Getting noticed
‎Jan 30 2019 6:54 AM
‎Jan 30 2019 6:54 AM

Yes the are..

0 Kudos
In response to msosa
msosa
Getting noticed
‎Jan 30 2019 6:56 AM
‎Jan 30 2019 6:56 AM

UPDATE: I moved the MX to the front of the firewall and it worked ok, certainly it was doing something strange but I´m sure it was not blocking anything.. and the funny thing is that the tunnels worked some times.. anyway it is ok now, thank you all for your comments!
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.