Meraki

Community

non meraki peers

Solved
dmorenomx
Here to help
‎Dec 20 2023 5:34 PM
‎Dec 20 2023 5:34 PM

non meraki peers

Hello!! I have a issue and I don't know how to solve it. My question is: Can a meraki make a dialing to non-meraki peer? I mean, the non-meraki peer its configured as server, so the peers must to dial to make a connection, but. I checked the vpn log on the meraki appliance and it does not make any dialing to non-meraki peer. It seems like its only "hearing" to get the connection up. Does anybody has a similar case?

 

Thank you

0 Kudos
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 21 2023 12:50 PM
‎Dec 21 2023 12:50 PM

The Meraki MX will initiate a connection once it sees traffic matching the destination encryption domain.

View solution in original post

7 Replies 7
Brash
Kind of a big deal
Kind of a big deal
‎Dec 20 2023 5:48 PM
‎Dec 20 2023 5:48 PM

Meraki MX devices do support establishing  IPSEC tunnels to non-meraki devices

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings#Non-Meraki_VPN_Peers

In response to Brash
dmorenomx
Here to help
‎Dec 20 2023 6:24 PM
‎Dec 20 2023 6:24 PM

Hello Brash, thank you for the link. Yes I've created VPN between non-meraki peers and meraki devices. There is not prolbem, I can connect to non-meraki peers when the non-meraki peer "dial" to the meraki appliance. In this case the meraki device has to "Dial" to the non-meraki peer. I don't find any option to "Dial" to the non-meraki peer from de Meraki device. Do you know how to make the dial from the meraki device?

 

Thank you

 

Regards

0 Kudos
In response to dmorenomx
Brash
Kind of a big deal
Kind of a big deal
‎Dec 20 2023 6:45 PM
‎Dec 20 2023 6:45 PM

The MX should be able to initiate the negotiation of the tunnel.

Do you see any events in the Meraki event log? Specifically using the following filter

 

Brash_0-1703126631115.png

 

If you do a packet capture outbound on the MX, do you see packets going out towards the destination?

If you're using FQDN, make sure that the MX can resolve the domain name.

 

0 Kudos
In response to Brash
dmorenomx
Here to help
‎Dec 20 2023 7:30 PM
‎Dec 20 2023 7:30 PM

Hello again Brash!! 

 

Yes, I can see in the log table no activity from meraki device trying to connect to the non-meraki peer. It's so strange. I supposed that meraki device could make the dialing, but it's seems that is not happening. I'll try restarting the meraki device, but I don't think that it works. 

 

Best regards

0 Kudos
dmorenomx
Here to help
‎Dec 20 2023 9:00 PM
‎Dec 20 2023 9:00 PM

Hello Brash, the only message I've got after restarting the meraki device was "

msg: FIPS mode disabled"

There is no activity to establish coonection with the non-meraki peer

 

Regards

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 21 2023 12:50 PM
‎Dec 21 2023 12:50 PM

The Meraki MX will initiate a connection once it sees traffic matching the destination encryption domain.

In response to PhilipDAth
dmorenomx
Here to help
‎Dec 21 2023 6:39 PM
‎Dec 21 2023 6:39 PM

Hello Phillip!! You are right!! I sent pings to the non-meraki peer and the connection gots up.

 

Thank you to all of you for your help

 

Regards!!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.