Meraki

TRBO_KCMO · ‎May 17 2023

Just bumped the firmware to 17.10.2 on MX84 hub. The spokes were completed already. After the update, it took a long time for spoke-to-hub tunnels to re-form, a few almost an hour. This is the first time we've tracked a firmware update on a hub, so I don't know if that is normal behavior. Seems like it. The spokes run the gamut of models, so we can't tie it to any specific model, even though we do have numerous Z3's on 18.107.

So my question is, how long should it take for tunnels to re-form after a firmware update to a hub?

alemabrahao · ‎May 17 2023

Have you tried disabling all security policies? It's a known issue.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

TRBO_KCMO · ‎May 17 2023

None defined, surprisingly enough

PhilipDAth · ‎May 17 2023

I'm used to it happening within minutes. This is a long time.

Is the hub behind NAT without a manual NAT configuration? That could impact recovery time.

TRBO_KCMO · ‎May 17 2023

That's where I was headed. I's in a DMZ but with a manual NAT. Going to have to consult the FW team

PhilipDAth · ‎May 17 2023

Configure this option (except configure it for manual), and it will repair any issues very quickly:

TRBO_KCMO · ‎May 17 2023

Already set that way.

PhilipDAth · ‎May 17 2023

That would suggest that the configured UDP port is not being allowed in, or the configured public IP address is not correct.

Meraki

Community

Tunnels Slow to Re-Form After Firmware Update

Tunnels Slow to Re-Form After Firmware Update