Site-to-Site VPN from MX64 to Non-Meraki (SonicWALL TZ) stops passing traffic
I have several MX64-Non-Meraki (SonicWALL TZ205w and TZ300) VPNs. Generally, all of them work without issue. However, for no apparent reason, some of them will stop passing traffic. If I look at the SonicWALL, it says the tunnel is online, but it isn't. Once I renegotiate the tunnel, the VPN starts passing traffic again within seconds. The other weird thing is that it doesn't drop all the tunnels between the devices. I thought we were getting false positives, as I could ping the site from my workstation VLAN, but I then found that I couldn't do so from my server VLAN.
I've had success in the past with having support disable NAT-T. It was between an ASA and an MX65, but I had a tunnel that just kept... dropping. Up and happy for a while, then boom splat unhappy remote site with no DNS.
After support disabled NAT-T, it has stayed up successfully for almost two months. I hope you get the same result!
Having just completed both the SNSA and SNSP courses, one of the things that was highlighted was to make sure only one end of the site has keep-alives active. Unfortunately, on the Meraki side there is no keep-alive option, so you must make sure this is enabled on the SonicWALL side. Also, you might find that playing with the MTU works.
CTO & Solutioneer CMNA, CMNO, ECMS2 SNSA, SNSP