Site to site VPN ipsec issue in between Mikrotik and Meraki

jmccandles146
Conversationalist

Configured a site-to-site IPsec VPN between Mikrotik and Meraki MX appliance. The VPN tunnels are up; the issue is seen in network traffic getting between the two devices. Have reconfigured as well, but the same issue is persisting.

3 Replies
pdeleuw
Getting noticed

Your description does not contain any relevant information. There are issues - but what exactly? So let me guess ...

Do you have more than one subnet in your traffic selector? According to https://documentation.meraki.com/MX/Site-to-site_VPN/IKEv1_and_IKEv2_for_non-Meraki_VPN_Peers_Compar... the MX builds a single SA with multiple subnets. Maybe the Mikrotik device responds with only a single traffic selector. The result is connectivity with only one subnet instead of more than one subnet.

GIdenJoe
Kind of a big deal

Meraki logging says that phase 2 is up, however your screenshot of the Mikrotik log does not explicitly say phase 2 is up.
If you would do a small packet capture on the internet side of your MX filtering on the public IP of the ipsec peer you should see ESP packets going back and forth. If you are not seeing that but seeing constant IKE informational messages then you probably have an issue with your phase 2.
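
The capture check described in the reply above, as an added example that is not part of the original thread: it classifies raw IPv4 packets to and from the peer as ESP or IKE and reports whether ESP is flowing both ways or only IKE informational exchanges are seen. The IP addresses and sample packets are constructed, the function names are hypothetical, and the handling of NAT-T (UDP 4500) and of both IKE versions goes beyond what the post mentions.

```python
import ipaddress
import struct
from collections import Counter

PEER, MX = "203.0.113.10", "198.51.100.20"  # constructed IPs: IPsec peer, MX uplink

def classify(pkt, peer=PEER):
    """Return (direction, kind) for a raw IPv4 packet, or None if not IPsec to/from peer."""
    proto = pkt[9]
    src, dst = (str(ipaddress.ip_address(pkt[i:i + 4])) for i in (12, 16))
    if peer not in (src, dst):
        return None
    direction = "from_peer" if src == peer else "to_peer"
    if proto == 50:                                   # native ESP
        return direction, "esp"
    body = pkt[(pkt[0] & 0x0F) * 4:]                  # skip the IPv4 header
    if proto != 17 or len(body) < 8:
        return None
    sport, dport = struct.unpack("!HH", body[:4])
    data = body[8:]
    if 4500 in (sport, dport):                        # NAT-T encapsulation
        if len(data) >= 4 and data[:4] != bytes(4):   # non-zero SPI: ESP in UDP
            return direction, "esp"
        data = data[4:]                               # drop the non-ESP marker
    elif 500 not in (sport, dport):
        return None
    if len(data) < 28:                                # shorter than an IKE header
        return None
    informational = data[18] == (37 if data[17] >> 4 == 2 else 5)  # IKEv2: 37, IKEv1: 5
    return direction, "ike_informational" if informational else "ike_other"

def verdict(packets, peer=PEER):  # the check from the reply, applied to a capture
    seen = Counter(c for c in (classify(p, peer) for p in packets) if c)
    esp_in, esp_out = seen["from_peer", "esp"], seen["to_peer", "esp"]
    info = seen["from_peer", "ike_informational"] + seen["to_peer", "ike_informational"]
    if esp_in and esp_out:
        return "esp_both_ways"
    if not (esp_in or esp_out) and info:
        return "likely_phase2_issue"
    return "inconclusive"

# Constructed sample packets (no real capture data).
def ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload
def ike_udp(port, version, exchange, prefix=b""):
    hdr = bytes(16) + struct.pack("!BBBBII", 0, version << 4, exchange, 0, 0, 28)
    return struct.pack("!HHHH", port, port, 8 + len(prefix + hdr), 0) + prefix + hdr
HEALTHY = [ipv4(MX, PEER, 50, bytes(24)), ipv4(PEER, MX, 50, bytes(24))]
BROKEN = [ipv4(a, b, 17, ike_udp(500, 1, 5)) for a, b in ((MX, PEER), (PEER, MX))] * 3
```
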

jmccandles146
Conversationalist

The VPN is now working, there were firewall policies in Mikrotik which had to be prioritized (placed on TOP below srcnat (Internet access rule)). The traffic is getting back and forth now, thank you for your suggestions.
