Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Tunnels Slow to Re-Form After Firmware Update

TRBO_KCMO
Here to help
‎May 17 2023 7:04 AM
‎May 17 2023 7:04 AM

Tunnels Slow to Re-Form After Firmware Update

Just bumped the firmware to 17.10.2 on MX84 hub. The spokes were completed already. After the update, it took a long time for spoke-to-hub tunnels to re-form, a few almost an hour. This is the first time we've tracked a firmware update on a hub, so I don't know if that is normal behavior. Seems like it. The spokes run the gamut of models, so we can't tie it to any specific model, even though we do have numerous Z3's on 18.107.

 

So my question is, how long should it take for tunnels to re-form after a firmware update to a hub? 

Subscribe
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 17 2023 8:13 AM
‎May 17 2023 8:13 AM

Have you tried disabling all security policies? It's a known issue.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
TRBO_KCMO
Here to help
‎May 17 2023 1:26 PM
‎May 17 2023 1:26 PM

None defined, surprisingly enough

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 17 2023 1:21 PM
‎May 17 2023 1:21 PM

I'm used to it happening within minutes.  This is a long time.

 

Is the hub behind NAT without a manual NAT configuration?  That could impact recovery time.

0 Kudos
Subscribe
In response to PhilipDAth
TRBO_KCMO
Here to help
‎May 17 2023 1:32 PM
‎May 17 2023 1:32 PM

That's where I was headed. I's in a DMZ  but with a manual NAT. Going to have to consult the FW team 

0 Kudos
Subscribe
In response to TRBO_KCMO
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 17 2023 1:37 PM
‎May 17 2023 1:37 PM

Configure this option (except configure it for manual), and it will repair any issues very quickly:

PhilipDAth_0-1684355782750.png

 

 

0 Kudos
Subscribe
In response to PhilipDAth
TRBO_KCMO
Here to help
‎May 17 2023 1:46 PM
‎May 17 2023 1:46 PM

Already set that way. 

0 Kudos
Subscribe
In response to TRBO_KCMO
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 17 2023 1:53 PM
‎May 17 2023 1:53 PM

That would suggest that the configured UDP port is not being allowed in, or the configured public IP address is not correct.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.