Servers behind 3rd Party Meraki VPN tunnel not reachable with MX FW 18.2xx

Holli69
Getting noticed


Hi all,

 

We've investigated an issue with MX FW 18.2xx.

With MX FW 18.1xx it works fine.

Our branch offices with Meraki MX100, MX85, MX95 build a 3rd party VPN tunnel to our VPN Concentrator in the Data Center MX450.

With MX FW 18.1xx all Servers behind the VPN Concentrator are reachable via ping from the branch offices. With FW 18.2xx the Servers are not reachable anymore via ping.

Has anyone else encountered this issue?

 

DarrenOC
Kind of a big deal

Does the issue resolve if you roll back?

 

I would contact Meraki support in this instance.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Hi Darren, yes, rolling back to 18.1xx solved the problem.

DarrenOC
Kind of a big deal

Just to clarify, was it just ICMP that wouldn’t function or was all connectivity lost?


The connection is completely lost to the Data Center and vice versa

alemabrahao
Kind of a big deal

I suggest you open a support case to check.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal

Given 18.2.x is in beta, I suggest opening a case with support if you can safely put it in the broken state again.

Otherwise, remain on the 18.1.x stable firmware

cmr
Kind of a big deal

Did you only try 18.205, or the new 18.207?

 

I had something sort of similar:

 

Hub 17.x in datacentre

Spoke 18.1xx in home office

Personal MX that terminates internet connection at home 18.205

 

The upgrade of the personal MX stopped the corporate spoke finding the hub. I downgraded to 18.1xx and it worked fine again. I haven't had a chance to test with 18.207 but aim to over the next couple of days.

PhilipDAth
Kind of a big deal

I wonder if this is an AutoVPN rebuilding issue.

 

Are you able to enable NAT traversal on your main hub?  Even if this does not solve the problem, it makes AutoVPN more robust.

 


 

Hi,

This isn't an AutoVPN issue, it's 3rd Party VPN, because 2 different Meraki Organizations are involved.

BTW: It's with each branch office to the VPN Concentrator in the DC. The VPN Concentrator has NAT Traversal enabled. The latest FW 18.107.7 patch also works fine, FW 18.205/18.207 doesn't.

 
