What is causing these numerous Enterprise WAN outages?

Here to help

What is causing these numerous Enterprise WAN outages?


Please see image below.

These Merakis are connected to different locations by VPN through vanilla internet.

Please, what would you guess is causing these numerous Enterprise WAN outages?

Thank you.




Meraki Employee
Meraki Employee

While some of the apparent outages overlap, time-wise, there doesn't seem to be a clear pattern here, which  would suggest a common cause to me - but I would maybe look at the Hub itself, from an Org > Summary report and check it's not being over-stretched, utilisation wise:   https://documentation.meraki.com/MX/Monitoring_and_Reporting/Device_Utilization

Did you compare the availability of the individual Spoke MXs' uplink(s) with the reported VPN availability?


Did you raise a case with Meraki Support?

Kind of a big deal
Kind of a big deal

That is a tough one.  My guess is something to do with NAT somewhere because of the variations.


Does the Data Centre MX have a private IP address, and is it sitting behind something else doing NAT?

If so, the device doing NAT might be expiring the NAT entries after a certain amount of time (or perhaps on last usage).

If this case applies, you could test this out by changing the DC to using manual NAT traversal and setting up a specific port forward for AutoVPN on the device doing NAT.



Are the spokes sitting behind a CPE doing NAT?  If so, is the CPE in use the same for all the affected sites?

If so, check out firmware versions on the CPE.  Maybe even try a different model CPE.

Your input was valuable.


Please see below setting within Meraki hub - Site to Site VPN Settings...


NAT traversal
  •  Automatic
    Connections to remote peers are arranged by the Meraki cloud.


QUESTION: When the Meraki cloud automation erects this VPN to other Meraki devices, does this VPN timeout after an allotted time, or does this tunnel remain up indefinitely? (on non Meraki devices a time limit is set)

On the Meraki side the tunnel will essentially stay up permanently, but as @PhilipDAth  points out, the associations in an upstream firewall or other NAT may well expire.   Going for nailed up manual NAT traversal at the Hub end would be a really good idea.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.