Hi,
I'm fairly new to Meraki but I've had tons of experience in networking and b2b VPNs and I just can't seem to figure out in MX84 if your VPN is up or down.
Currently I see this
I was told that this green status is just an indication that the public ips can ping each other. I talked to the peer site and they said that they're seeing the phase 1 and phase 2 up but tunnel still down (?), which seems to be the case since I can't ping their device from my subnet.
Is there a way to filter out the logs that are only related to my vpn? I'm getting some phase 2 errors but I'm not sure if its related to my vpn
I'm really at my wits ends in here. I would really appreciate the help.
Thanks
Solved! Go to solution.
I understand we are discussing about "Non-Meraki VPN" Confguration.
Constructing tunnels with Meraki Auto VPN (between Meraki Devices) or Non-Meraki VPN (between Meraki and Non Meraki) are kind of easy.
I believe the logs displayed on the Dashboard shall be relevant to your VPN only.
I could see "failed to get sainfo" event
Did you happen refer to following url (Lists down most of error events)
Event Log: "failed to pre-process ph2 packet/failed to get sainfo"
Error Description: The tunnel can’t be established and the following error is recorded in the event logs in the Dashboard “msg: failed to pre-process ph2 packet (side: 1, status: 1), msg: failed to get sainfo.”
Error Solution: This can result from mismatched subnets in the IPsec tunnel definitions, typically a mismatched subnet mask. Check to be sure that the local and remote subnets match up on each side of the VPN tunnel.
What kind of device is the remote end?
Is either end behind another device doing NAT?
I'll ask but definitely no NAT. we're both public ips peering each other
Doe your phase 2 have more than 1 subnet in it? If so, then others have previsouly said you need to (on the Fortinet) "Needed to build an extra phase 2 tunnel instead of putting 2 subnets in one phase 2 configuration."
Thanks I'll ask them to do that.