Meraki

HarleyPhreak

Keep seeing these messages in my event logs. We have times where the tunnel(s) will drop randomly and come back up. When this happens it breaks database connections and occasionally corrupts data. Any idea what is causing this? Opened a support case and would like to point them in the right direction.

Oct 24 00:24:13	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 24 00:24:11	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 24 00:23:56	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 24 00:23:55	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 24 00:20:15	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 24 00:20:13	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 24 00:19:56	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 24 00:19:55	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 24 00:19:33	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 24 00:19:29	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 24 00:19:03	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 24 00:19:01	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 23 21:45:32	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 23 21:45:31	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: true
Oct 23 21:45:21	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false
Oct 23 21:45:21	Meraki VPN	VPN tunnel connectivity change	vpn_type: site-to-site, peer_contact: 216.195.43.41:57236, connectivity: false

pmhaske

Hi @HarleyPhreak,

The first thing that comes into mind with VPN tunnel connectivity flaps is intermittent packet loss or congestion in the internet pathway between the peers. Check if there is an indication of this in the default ping to 8.8.8.8 under the uplink tab in appliance status of the peers. Also consider adding a connection monitoring ping to public IP addresses of peers to see if there is a correlation between loss and latency at the timestamp when tunnel changes occur.

PhilipDAth

Ih this by chance an IKEv2 VPN and you have more than one subnet in the source or destination encryption domain?

pmhaske

This looks like AutoVPN issue based on the 'Meraki VPN' field, IKEv2 based negotiation would be for IPsec or Non-Meraki VPN tunnel.

PhilipDAth

Any chance you can get a log from the other end to see what it thinks is happening?

PhilipDAth

Is either this MX or the MX at the other end behind something doing NAT?

HarleyPhreak

Meraki support says they see flapping on the circuit at the far end, so I have opened a ticket with the ISP to have them investigate. Thanks for the input...will update once the ISP does their thing. Hopefully, them fixing that will resolve the issue.

Meraki

Community

Site to site VPN keeps dropping intermittently

Site to site VPN keeps dropping intermittently