Hello.
Please see image below.
These Merakis are connected to different locations by VPN through vanilla internet.
Please, what would you guess is causing these numerous Enterprise WAN outages?
Thank you.
While some of the apparent outages overlap, time-wise, there doesn't seem to be a clear pattern here, which would suggest a common cause to me - but I would maybe look at the Hub itself, from an Org > Summary report, and check it's not being over-stretched, utilisation-wise: https://documentation.meraki.com/MX/Monitoring_and_Reporting/Device_Utilization
Did you compare the availability of the individual Spoke MXs' uplink(s) with the reported VPN availability?
Did you raise a case with Meraki Support?
That is a tough one. My guess is something to do with NAT somewhere because of the variations.
Does the Data Centre MX have a private IP address, and is it sitting behind something else doing NAT?
If so, the device doing NAT might be expiring the NAT entries after a certain amount of time (or perhaps on last usage).
If this case applies, you could test this out by changing the DC to use manual NAT traversal and setting up a specific port forward for AutoVPN on the device doing NAT.
https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#NAT_Traversal
Are the spokes sitting behind a CPE doing NAT? If so, is the CPE in use the same for all the affected sites?
If so, check out firmware versions on the CPE. Maybe even try a different model CPE.
Your input was valuable.
Please see below setting within Meraki hub - Site to Site VPN Settings...
NAT traversal
QUESTION: When the Meraki cloud automation erects this VPN to other Meraki devices, does this VPN time out after an allotted time, or does this tunnel remain up indefinitely? (On non-Meraki devices a time limit is set.)
On the Meraki side the tunnel will essentially stay up permanently, but as @PhilipDAth points out, the associations in an upstream firewall or other NAT may well expire. Going for nailed-up manual NAT traversal at the Hub end would be a really good idea.