Meraki

Community

VPN/Tunnels not working

Solved
Mx7733
Here to help
‎Jul 20 2025 10:16 PM
‎Jul 20 2025 10:16 PM

VPN/Tunnels not working

Hi,

I have a problem wit two Mx67 not talking to eachother. 

The VPN status is red and I'm not receving routing information from the HUB.

The Hub MxA is connected and working. It has 1 VLAN, VLAN 10, with subnet 10.250.0.0/29, enabled on VPN

It also has a statis to 10.250.0.1 which is reachable. 

 

The spoke MxB is connected to the internet and also has a VLAn, VLAN10, with subnet 10.250.1.8/29

There are no static routes. I would like to route all traffice through the HUB, but that doesnt work. 

 

In the VPN Status overview the connection is red and I cannot see subnet 10.250.0.0/29 in the ARP. 

Am I missing something? 

Labels:
0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 21 2025 1:35 PM
‎Jul 21 2025 1:35 PM

Do these MX have public IP addresses on them - or do they sit behind something doing NAT?

 

If you go to VPN Status:

PhilipDAth_0-1753130072820.png

 

Does it say everything is ok here?

PhilipDAth_1-1753130119741.png

 

View solution in original post

0 Kudos
9 Replies 9
RWelch
Kind of a big deal
Kind of a big deal
‎Jul 20 2025 10:23 PM
‎Jul 20 2025 10:23 PM

Meraki AutoVPN expects each local network (VLAN subnet) that you want to advertise over the VPN to be unique across your entire AutoVPN topology vs VLAN 10 on both MX devices.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
Mx7733
Here to help
‎Jul 20 2025 10:31 PM
‎Jul 20 2025 10:31 PM

I changed the Spoke to VLAN11, still 10.250.1.8/29. Nothing happend, the tunnels is still not connected.

0 Kudos
In response to Mx7733
RWelch
Kind of a big deal
Kind of a big deal
‎Jul 20 2025 10:34 PM
‎Jul 20 2025 10:34 PM

Can you share a screen capture of your routing table?

And how long after making the change did you wait to see if the VPN status changed?  It's not immediate.

 

If using the /29 subnet, you will be limited to 6 usable IP addresses separate from the overlapping VLAN.

Without knowing more details, hard to speculate. 

 

Maybe this will help you Meraki Auto VPN - Configuration and Troubleshooting 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to RWelch
Mx7733
Here to help
‎Jul 20 2025 11:46 PM
‎Jul 20 2025 11:46 PM

Mx7733_0-1753080347008.png


It's has been about an hour now, and there still is no change. Ik cannot connct to the hub, which has 10.250.0.3

0 Kudos
In response to Mx7733
RWelch
Kind of a big deal
Kind of a big deal
‎Jul 20 2025 11:53 PM
‎Jul 20 2025 11:53 PM

If you look at your routing table, you can see 3 entries with a -- for VLAN 10.  I suspect because you are using it 3x with /29 subnet that it's causing problems.  

If it were me, I'd remove the duplicate VLAN 10 entries that appear to exist on both MXs and use one /24 subnet and VLAN not already used on the spoke in order to get things working.  Three entries for VLAN 10 is likely the issue.  

 

And you can hit the REBUILD button at the top of the routing table that will help you refresh the routing table to be current.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to RWelch
Mx7733
Here to help
‎Jul 21 2025 1:06 AM
‎Jul 21 2025 1:06 AM

There is a NAT problem not allowing the tunnels to properly form. So I'm going to look into that. I will keep your tips in mind. Thanks you

 

0 Kudos
In response to RWelch
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 21 2025 1:33 PM
‎Jul 21 2025 1:33 PM

You can use the same VLAN tag consistently (such as 10) throughout.  The IP subnets must be unique.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 21 2025 1:35 PM
‎Jul 21 2025 1:35 PM

Do these MX have public IP addresses on them - or do they sit behind something doing NAT?

 

If you go to VPN Status:

PhilipDAth_0-1753130072820.png

 

Does it say everything is ok here?

PhilipDAth_1-1753130119741.png

 

0 Kudos
In response to PhilipDAth
Mx7733
Here to help
‎Jul 21 2025 11:57 PM
‎Jul 21 2025 11:57 PM

There was indeed a problem with NAT. After setting a manual NAT traversal it works. The NAT warning, you circled in red, is still orange, but it works!

Mx7733_0-1753167463055.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.