Site to Site VPN is not working as espected

big-net
Getting noticed

Site to Site VPN is not working as espected

Hallo,

 

we've setup a new meraki envirenment.

 

Site A: MX250, working as Hub

Site B: MX250, working as Spoke

Site C: MX65, working as Spoke

 

vpn between Site A an Site C is working fine.

 

vpn between Site A and Site B has a problem:

the direction from Site B to Site A is working fine, but the direction from Site A to Site B not.

For example, if we copy a file from Site B to Site A it is working.

But if we copy a file from Site A to Site B it does not work or is extremly slow.

in general the connection from Site A to Site B is very bad.

 

We have checked all internet connections on every site, everything is ok.

Also client vpn on Site A and Site B is working fine.

 

We have deleted all rules on the site to site firewall.

Also the networks are routed through the vpn.

But it is not working.

 

Has anybody an idea whats the problem?

 

Any help is appreciated.

Thanks a lot.

 

Oliver

 

 

9 Replies 9
DensyoV
Meraki Employee
Meraki Employee

Hi,

 

Is there any SD-WAN policy or traffic shaping enabled on Site A? Also, I suggest taking packet captures to see where those packet drops are.

 

Thanks

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
cmr
Kind of a big deal
Kind of a big deal

Are the connections at site B set up with the correct bandwidth under the menu item below, it is critical that they match the actua available bandwidth for both up and down.

 

cmr_0-1591014762144.png

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal

It sounds to me like you are experiencing an MTU squeeze.

 

Try changing it on a test machine to something like 1400 and see if that changes the behaviour.

https://myrandomtechblog.com/cryptomining/change-mtu-size-in-windows-10/ 

If it does resolve the problem, you just need to change it on the servers being accessed.

big-net
Getting noticed

Yes, That is an idea we also had 

but with all Servers?

It doesnt matter if smb, http or rdp.

everything is Slow

 

thanks 

PhilipDAth
Kind of a big deal
Kind of a big deal

If it is an MTU squeeze it will be affecting all TCP based protocols to all devices.

big-net
Getting noticed

But with our old Cisco VPN Routers everything works fine.

Two weeks ago we setup the meraki environment.

Everything works fine thince thursday last week.

And possibly the problem appears?

Thats what i dont understand

big-net
Getting noticed

the problem also appears when i'm pinging from one mx direct to the other mx about the tools section.

So the problem can't be at the server site.

big-net
Getting noticed

Hi,

 

no, there Is no SD-WAN policy or traffic shaping enabled on Site A.

 

thanks

big-net
Getting noticed

Finally, it was a problem with our internet provider.

Everythings works fine now.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels