Hi All
Looking for some advice here.
At the moment I have 13 MX that have Auto VPN configured. All of them are running firmware 15.44, and there is only one VPN hub in the network; this hub runs firmware 14.53. With this setting the remote peers can connect to an internal SAP app that we use at our remote locations. The problems begin the moment I upgrade the VPN hub to 15.44: all of the remote VPN peers then start failing to connect to a local server that is in the same network as the VPN hub. When I upgrade I can ping the server, which is IP 192.168.2.13, so basic connectivity is there. I took a packet capture before and after the firmware migration of the hub.
In this example the remote peer is 192.168.6.131 and the server to connect to is 192.168.2.13.
I'm attaching a .rar where the capture is done on FW 15.44 and the peer cannot connect, and then I downgrade to 14.53 and take another capture where the same peer can connect to the server.
This is a screenshot of the error I see when the FW is 15.44:
https://drive.google.com/file/d/1xHW4IxR7oCEI343N5UVVnrIAPYrFB8Nd/view?usp=sharing
Try disabling IPS and AMP and see if it starts working. If it does, you have narrowed it down to one area.
I would also check the security event log.
Hi Philip,
Thank you for your answer.
I have checked the security event log for both sides and there is no registry of any blocked item.
I will perform an upgrade to 15.54 and disable AMP & IPS on the hub and check if it works; I'll have to do this after hours.
Mike
Not sure if you have already done this, but my experience is that you also have to add the subnet which the hub's IP resides on as a local subnet to be advertised to the spokes.
I've already done it; the spokes can see the hub's local subnet and can ping each other with no issue at all.
I whitelisted the server which the remote peers connect to, and then did a firmware upgrade, and the remote clients connected with no issues, so I will keep this config for now. I will let Meraki support know about this, because I have an open support ticket.
Thanks