Meraki

Community

Site to Site non-meraki VPN. I can ping them but they can't ping me.

trunolimit
Building a reputation
‎Oct 16 2020 5:26 AM
‎Oct 16 2020 5:26 AM

Site to Site non-meraki VPN. I can ping them but they can't ping me.

Hello everyone,

 

We have set up a non-meraki site to site VPN. The status of the VPN shows green. And from the MX dashboard I can ping their router. But they cannot ping the MX on their side.

 

Any Ideas? Would AMP and intrusion Prevention be the cause? 

 

Also I had them set the MX as the next hop IP for all traffic on their VPN subnet. The reason being is the User is in Switzerland and wants to Use the VPN so he can have an American IP to use for services like Hulu and netflix ...ect. 

 

The router I'm told they have is a Sophos Red. If anyone is familiar with this router I'd appreciate a little help in directing the Swiss team on what settings they need to be looking at. 

 

as usual thanks for all the help.

 

here's a diagram 

swiss.jpg 

0 Kudos
2 Replies 2
MerakiDave
Meraki Employee
Meraki Employee
‎Oct 16 2020 3:55 PM
‎Oct 16 2020 3:55 PM

Hi @trunolimit also check your firewall settings on the MX under Security & SD-WAN > Configure > Firewall and there is a section for "Security Appliance Services" where you should be able to specify the remote IPs allowed for ICMP. 

0 Kudos
In response to MerakiDave
trunolimit
Building a reputation
‎Oct 20 2020 5:08 AM
‎Oct 20 2020 5:08 AM

I was looking for that. But it goes beyond that. I had them try to ping other devices on my LAN with no success

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.