Site to Site VPN issue

I am doing a POC on MX devices to create a Site to Site VPN (Hub/Spoke).

Topology:

HUB:

Huawei 4G Router ---> MX67 ----> MS ---> Test machine
 (Public IP)          (WAN IP Private IP)
                      192.168.1.XX through DHCP

Spoke:

Huawei 4G Router ---> MX67 ----> MS ---> Test machine
 (Public IP)          (WAN IP Private IP)
                      192.168.2.XX through DHCP

I am able to see that the VPN status is up and local routes are being exchanged with each other, but they show in a down state, meaning I am unable to ping the test machine from HUB to Spoke or vice versa. Even MX to MX is not pingable. I checked logs through packet capture: the WAN IP (192.168.1.X) is trying to communicate with the other site's WAN IP (192.168.2.X) and Public IP (76.XX.XX.XX), but I am unable to see any reverse traffic from the other side. The same pattern is also seen on the other HUB side. Someone please let me know how I can fix this issue and whether it is possible to make a Site to Site VPN with an upstream 4G router.


Re: Site to Site VPN issue

Check port 9350 on the 4G router and make sure that it is open. Also, are you able to ping MX to MX?


Re: Site to Site VPN issue

It is typical for 4G carriers to run the default APN through a firewall and block new inbound traffic by default.

 

Typically you need to change the APN to one that does not run via a firewall, or at a minimum, allows inbound traffic.
