VPN Failed

TroyV
Here to help

I made an adjustment to a firewall that I had set up as a HUB in my S2S environment. This firewall had no users connected to it, so I changed the hostname of the firewall. A couple of minutes later I started getting reports that users all over were not able to use the VPN, getting authentication errors and "PPP server not responding" from the other HUBS. Unsure as to what happened but knowing that it had something to do with the change, I checked various settings and verified DNS information (still pointing to the other HUBS) and RADIUS servers; all were good, but the issue persisted. I ended up changing the firewall from a HUB to a SPOKE and that resolved the issue with one of my HUBS but not the other. I ended up removing the non-working HUB from the SPOKE list and the issue was resolved. As of right now, this firewall is still set up as a SPOKE and I need it as a HUB.

Can someone tell me if and when I can change it back, or if I have to use the old hostname that it originally had prior to the change?

I would also like to know how this could have happened where changing the hostname of this firewall would drop all other HUBS and deny VPN connections. Any information would be extremely helpful, thank you.

4 Replies
networksouth
New here

I've been dealing with this all week from behind a firewall. Outside of the firewall, say with a cellular AP, I can connect fine to the VPN. I was thinking a Windows update broke something in the L2TP settings. I've removed adapters and reset network adapters to no avail. Not sure the configuration change is the culprit. I've also removed Windows updates for the past month. My issues seem to be from behind any type of NAT'ed firewall; I can't connect to Meraki. Perhaps the same is going on for you. I've opened a ticket with Meraki. NAT-T on/off in the registry doesn't seem to make a difference.

I appreciate the comment but that is not what it was. It has something to do with the firewall being a HUB, but I just don't understand why it would bring down the other HUBS. If anything, it would have been disassociated for the time being, unable to be reached, and then it would have been reintroduced.

The VPN was and has been working without issue. I can reach Meraki from both inside and outside of my network. As soon as I made this change all my VPN tunnels went down and there was no VPN for anyone everywhere until I removed this firewall from the equation that I made the hostname change on.

I've been having issues with our VPN for just over a week now, with tickets open with Meraki and so far no resolution. I've got around 8-10 users who have such terrible connections to the VPN, and it causes their Remote Desktop clients to disconnect as well.

TroyV
Here to help

I got a response from Meraki and they said to shut it off and turn it back on again. That did solve the issue and the issue didn't reoccur but that doesn't explain why it happened in the first place. The only thing I can think of is since it was a HUB, even though nobody used it for connections, that it had to be depreciated to a SPOKE and then you could make these kinds of changes. To be fair, the system did warn me to some extent as in "Changing the DDNS hostname will force the device to fetch a new AnyConnect VPN device certificate so please change this setting sparingly." I just think they could reword it since nothing happened to my AnyConnect, but my worldwide S2S links died because of it.
