Site-to-site non-Meraki VPN. I can ping them but they can't ping me.

Building a reputation


Hello everyone,


We have set up a non-Meraki site-to-site VPN. The status of the VPN shows green, and from the MX dashboard I can ping their router. But they cannot ping the MX on their side.


Any ideas? Would AMP and Intrusion Prevention be the cause?


Also, I had them set the MX as the next hop IP for all traffic on their VPN subnet. The reason is that the user is in Switzerland and wants to use the VPN so he can have an American IP to use for services like Hulu and Netflix, etc.


The router I'm told they have is a Sophos Red. If anyone is familiar with this router, I'd appreciate a little help in directing the Swiss team on what settings they need to be looking at.


As usual, thanks for all the help.


Here's a diagram.


Meraki Employee

Hi @trunolimit, also check your firewall settings on the MX under Security & SD-WAN > Configure > Firewall. There is a section for "Security Appliance Services" where you should be able to specify the remote IPs allowed for ICMP.

Building a reputation

I was looking for that. But it goes beyond that. I had them try to ping other devices on my LAN with no success.
