Site-to-Site VPN Flapping - Crying Wolf

Building a reputation

Site-to-Site VPN Flapping - Crying Wolf

Hello all - I am continuously getting email notifications "There was a VPN connectivity change..." in our MX100. These emails indicate that the connected went down, followed by another email usually less than a minute later saying that the connection has come back up. 


When this happens, I do not get any reports from remote users that they are being kicked-off or losing connectivity. From their perspective the VPNs appear to be stable. 

I noticed in the Dashboard that I can turn these alerts on or off, but I cannot adjust the threshold for reporting that a VPN connection has gone down. I would like to continue receiving these alerts in case a connection actually does stop working, but at this point it's almost like the Boy Who Cried Wolf. Between 12:48 AM and 12:43 PM today I have received 32 separate emails reporting a VPN "problem."


Has anyone else experienced this? If so, were you able to find a resolution?


Could it possibly be a configuration issue with the VPNs?


Is there a way to adjust the reporting threshold?


I realize that it could also possibly be an issue with our WAN service providers as well between our corporate office and the remote sites. 


Thanks much!





Kind of a big deal

It will almost certainly to be with how the two parties are handling the overlap between the SA expiring for the current VPN and the new SA is being formed for the replacement VPN (the VPN has to be replaced regularly when the SA expires).


I would say there will be zero you can do about this, apart from turning off the alert, which is now meaningless for you.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.