I'm fairly new to Meraki but I've had tons of experience in networking and b2b VPNs and I just can't seem to figure out in MX84 if your VPN is up or down.
Currently I see this
I was told that this green status is just an indication that the public IPs can ping each other. I talked to the peer site and they said that they're seeing the phase 1 and phase 2 up but tunnel still down (?), which seems to be the case since I can't ping their device from my subnet.
Is there a way to filter out the logs that are only related to my VPN? I'm getting some phase 2 errors but I'm not sure if it's related to my VPN.
I'm really at my wits' end here. I would really appreciate the help.
I understand we are discussing "Non-Meraki VPN" configuration.
Constructing tunnels with Meraki Auto VPN (between Meraki devices) or Non-Meraki VPN (between Meraki and non-Meraki) is kind of easy.
I believe the logs displayed on the Dashboard shall be relevant to your VPN only.
I could see a "failed to get sainfo" event.
Did you happen to refer to the following URL (it lists most of the error events)?
Event Log: "failed to pre-process ph2 packet/failed to get sainfo"
Error Description: The tunnel can’t be established and the following error is recorded in the event logs in the Dashboard “msg: failed to pre-process ph2 packet (side: 1, status: 1), msg: failed to get sainfo.”
Error Solution: This can result from mismatched subnets in the IPsec tunnel definitions, typically a mismatched subnet mask. Check to be sure that the local and remote subnets match up on each side of the VPN tunnel.
Does your phase 2 have more than 1 subnet in it? If so, then others have previously said you need to (on the Fortinet) "Needed to build an extra phase 2 tunnel instead of putting 2 subnets in one phase 2 configuration."
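
Added example, not part of any post in this thread and not Meraki or Fortinet code: a sketch of the subnet comparison that the quoted "failed to get sainfo" solution calls for. It assumes you have written down each side's phase 2 (local, remote) subnet pairs by hand; the function names and all sample subnets are constructed for illustration.

```python
import ipaddress


def parse(pairs):
    """Normalise (local, remote) CIDR strings into network objects."""
    # strict=False accepts host bits, e.g. 10.0.1.5/24 -> 10.0.1.0/24
    return {(ipaddress.ip_network(l, strict=False),
             ipaddress.ip_network(r, strict=False)) for l, r in pairs}


def compare_selectors(meraki, peer):
    """Compare phase 2 subnet pairs as seen from the Meraki side.

    Each argument is a list of (local_subnet, remote_subnet) pairs as
    configured on that device. For phase 2 to negotiate, every pair on
    one side needs an exact mirror image (same prefix length) on the other.
    Returns a list of (kind, local, remote) findings; empty means matched.
    """
    ours = parse(meraki)
    theirs = {(r, l) for l, r in parse(peer)}  # flip peer's view to ours
    only_ours, only_theirs = ours - theirs, theirs - ours
    findings = []
    for local, remote in sorted(only_ours):
        # Overlapping but not identical: same range, different mask.
        near = any(t[0].overlaps(local) and t[1].overlaps(remote)
                   for t in only_theirs)
        kind = "mask-mismatch" if near else "missing-on-peer"
        findings.append((kind, str(local), str(remote)))
    for local, remote in sorted(only_theirs):
        # Skip pairs already reported as the other half of a mask mismatch.
        if not any(local.overlaps(o[0]) and remote.overlaps(o[1])
                   for o in only_ours):
            findings.append(("missing-on-meraki", str(local), str(remote)))
    return findings


# Constructed sample: the peer defined our remote range as /24, we use /16.
MERAKI_SIDE = [("192.168.10.0/24", "10.20.0.0/16")]
PEER_SIDE = [("10.20.0.0/24", "192.168.10.0/24")]

if __name__ == "__main__":
    for finding in compare_selectors(MERAKI_SIDE, PEER_SIDE):
        print(finding)
```

A "missing-on-peer" or "missing-on-meraki" finding corresponds to the multi-subnet case raised in the last reply, where one side lists a subnet pair the other side has no phase 2 entry for.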