Unable to ping from Hub to spoke

Athena_prasad
Here to help

Unable to ping from Hub to spoke

Hii everyone,

 

Actually my infrastructure is main firewall is fortigate and Meraki switches.

Meraki switches are connected to fortigate. And everything is working fine. 

Were as Meraki switches are in separate Meraki dashboard organization.

And now i have created another separate Meraki dashboard organization and added mx67 firewall and taken internet connection from one of the fortigate firewall port and mx67 firewall is up now. 

And I hav connected one lan cable from switch to mx67. But remember both Meraki switche and Meraki mx67 are in different organisation.

I have created separate vlans in switch floor wise in the switch. 

I have created static route in switch and as well in mx67. 

And i hav added almost 12 mx67 devices in existing Meraki mx67 organization. And enabled all site to site vpn and set all as hub. In Meraki dashboard i am able to ping all locations but I am not able to ping from my laptop from main hub were switches and mx67 are there. If i connect lan to my laptop and ping any of the MX ip of the location. It's not pinging. I hav put static route and all still not pinging from laptop. Kindly pls suggest me in simple way wer i can ping all locations MX ip from my laptop if i connect to switch lan port. 

 

 

5 REPLIES 5
BrechtSchamp
Kind of a big deal

Hi @Athena_prasad , would it be possible for you make a drawing of your setup? It would be easier to understand for us.

Please find the link below for your reference.

1. I have created routes in Fortigate firewall too for which the vlans has been created for switches in meraki. I just wanted to ping all my mx67 ip's from my pc sitting in main hub.

https://drive.google.com/file/d/1qY7izlEY5akmMUvd_ITSMP_tbWGCXHBD/view?usp=sharing

Athena_prasad
Here to help

Please find the link below for your reference.

1. I have created routes in Fortigate firewall too for which the vlans has been created for switches in meraki. I just wanted to ping all my mx67 ip's from my pc sitting in main hub.

https://drive.google.com/file/d/1qY7izlEY5akmMUvd_ITSMP_tbWGCXHBD/view?usp=sharing

Okay, so in your L3 switch you have routes for the LAN subnets of the MX's (192.168.1.0/24, 10.0.17.0/24, 10.0.21.0/24). They're pointing to the IP the uppermost MX has on the link between it and the L3 switches?

 

Inversely you have a static route pointing to the 10.0.2.0/24 subnet in the network of the uppermost MX pointing to the IP the L3 switch has on the link between it and the uppermost MX?

 

You've also set that last route to "participate" in the site-to-site VPN network?

 

The L3 switches are the default gateway for the 10.0.2.0/24 subnet?

 

Are those assumptions correct?

 

Have you opened up the firewall (Firewall & SD-WAN > Firewall) in the uppermost MX?

Hii sir,

 

Actually now what i did is i have connected internet port of MX67 to meraki switch port DHCP. And now the internet is working fine and i got dhcp local ip is 10.0.0.55. 

but still i am unable to ping the spoke ip's from my laptop. and my laptop is also connected to the same switch were meraki mx67 is connected. my laptop ip is 10.0.0.54. There is static route in the switch and as well in mx67. but still i am unable to ping.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels