Meraki

Community

SITE-TO-SITE VPN CONFIGURATION

Solved
D_Tau
Here to help
‎Sep 18 2024 11:48 PM
‎Sep 18 2024 11:48 PM

SITE-TO-SITE VPN CONFIGURATION

Good day Meraki community, I an in need of assistance in troubleshooting failed connections for site to site VPN which we have configured for a client's network.

 

The VPNs were fully functional for the past two weeks but has now turned RED on all VPN participating networks. The configuration had about 13 networks as SPOKES and only one (1) hub.

 

Is there something we are missing in our configuration or is there something else to the matter?

Labels:
0 Kudos
1 Accepted Solution
In response to D_Tau
SamerAl
Meraki Employee
Meraki Employee
‎Sep 19 2024 2:29 AM
‎Sep 19 2024 2:29 AM

Did you try to take a packet capture on the internet interface of both MX's , can you see the communication with the VPN registery happening ?

 

Please refer to this article for more troublshooting tips.

 

Also, take a look at this article for your reference on how to take packt captures on the dashboard.

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution " so that others can benefit from it.

View solution in original post

0 Kudos
10 Replies 10
SamerAl
Meraki Employee
Meraki Employee
‎Sep 19 2024 1:05 AM
‎Sep 19 2024 1:05 AM

Hi @D_Tau,

 

Is it None Meraki VPN or autoVPN ( Meraki to Meraki ) you are refering to here ?

 

We had an issue for autoVPN yesterday but it should be resolved now, please check https://status.meraki.net/

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution " so that others can benefit from it.
0 Kudos
In response to SamerAl
D_Tau
Here to help
‎Sep 19 2024 1:35 AM
‎Sep 19 2024 1:35 AM

Hello @SamerAl ,

 

Its is all Meraki hardware Sir, newly deployed and configured to an Organization named Botswana Police Services SDWAN...

 

We are aware that the autoVPN has been resolved and we have attempted restarting the devices a number of times but the problem still persists.

 

However, the VPNs we have configured today are fully functional yet those we configured prior to these are not reachable.

0 Kudos
In response to D_Tau
SamerAl
Meraki Employee
Meraki Employee
‎Sep 19 2024 2:29 AM
‎Sep 19 2024 2:29 AM

Did you try to take a packet capture on the internet interface of both MX's , can you see the communication with the VPN registery happening ?

 

Please refer to this article for more troublshooting tips.

 

Also, take a look at this article for your reference on how to take packt captures on the dashboard.

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution " so that others can benefit from it.
0 Kudos
In response to SamerAl
D_Tau
Here to help
‎Sep 19 2024 3:06 AM
‎Sep 19 2024 3:06 AM

We have not tried that out yet, please allow us to check then revert back to you. 

 

Thank you.

0 Kudos
In response to D_Tau
D_Tau
Here to help
‎Sep 19 2024 3:29 AM
‎Sep 19 2024 3:29 AM

D_Tau_0-1726741613890.png

Not sure if it is visible there but we do get some responses over the internet packet capture on those networks with failed VPN connections.

0 Kudos
In response to D_Tau
SamerAl
Meraki Employee
Meraki Employee
‎Sep 19 2024 4:00 AM
‎Sep 19 2024 4:00 AM

@D_Tau,

 

The communication should be bidirectional between the MX IP address and the VPN registry IPs. Once that communication is established, the VPN registry will instruct both MXs to build the tunnel.

 

 

The screenshot you included doesn't show any of the IPs used by the VPN registry.

 

You can find the IP ranges and port numbers used for the VPN registry listed in the dashboard. Just click on the "?" at the top right, then go to "Firewall info."

 

if you can, pelase try to log a case with our support team and they will be able to help on this.

 

you can do so by navigating to the dashboard ? > Get help and cases .
 
 
 
 
  

 

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution " so that others can benefit from it.
0 Kudos
In response to SamerAl
D_Tau
Here to help
‎Sep 19 2024 6:12 AM
‎Sep 19 2024 6:12 AM

Noted, should they both be visible while doing a packet capture on the internet interface?

 

we have seen multiple interface selections including that of the site-to-site VPN interface.

 

For the output shared earlier it was only captured on the Internet Interface.

0 Kudos
In response to D_Tau
D_Tau
Here to help
‎Sep 19 2024 6:19 AM
‎Sep 19 2024 6:19 AM

D_Tau_0-1726751936617.png

 

This is the packet capture on the site to site VPN interface

0 Kudos
In response to D_Tau
SamerAl
Meraki Employee
Meraki Employee
‎Sep 19 2024 6:33 AM
‎Sep 19 2024 6:33 AM

Yes , they should both be visible while doing a packet capture on the internet interface?

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution " so that others can benefit from it.
0 Kudos
D_Tau
Here to help
‎Sep 19 2024 3:36 AM
‎Sep 19 2024 3:36 AM

We have configured another branch location as our Hub together with the HQ Hub and communication with the branch location hub is fully functional. I do believe your solution/recommendation @SamerAl has shed some light on our troubleshooting. 

 

Thank you kindly for your assistance.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.