Meraki

Community

Site to Site VPN issue

Sachin
Comes here often
‎May 22 2019 5:47 AM
‎May 22 2019 5:47 AM

Site to Site VPN issue

I am doing POC on MX devices to create Site to Site VPN (Hub/Spoke).

 

Topology :

HUB:

 

Huawei 4G Router ---> MX67 ---->  MS ---> Test machine

 (Public IP)             (WAN IP Private IP)

                                 192.168.1.XX through DHCP

Spoke:

Huawei 4G Router ---> MX67 ---->  MS ---> Test machine

 (Public IP)             (WAN IP Private IP)

                                 192.168.2.XX through DHCP

 

I am able to see VPN status is up & local routes are being exchanged with each other but showing in down state means unable to ping test machine from HUB to Spoke or vice versa. Even MX to MX is not pinable. I checked logs through packet capture Wan IP (192.168.1.X) is trying to communicate with other site Wan IP (192.168.2.X) & Public IP (76.XX.XX.XX) but unable to see any reverse traffic from other side. Same pattern is also seeing other HUB side. Someone please let me know how can I fixed this issue & is it possible to make Site to Site VPN with upstream 4G Router. 

0 Kudos
2 Replies 2
SoCalRacer
Kind of a big deal
‎May 22 2019 7:50 AM
‎May 22 2019 7:50 AM

Check port 9350 on the 4G router and make sure that is open. Also are you able to ping MX to MX?

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 22 2019 4:33 PM
‎May 22 2019 4:33 PM

It is typical for 4G carriers to run the default APN through a firewall and block new inbound traffic by default.

 

Typically you need to change the APN to one that does not run via a firewall, or at a minimum, allows inbound traffic.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.