
non-meraki site-to-site

Getting noticed


Hi team

 

If I have 2 organizations, one using an MX65 and one an MX64, do I have to configure non-Meraki VPN?

I have followed the guides to a tee, but I am stuck with the error below.

 

VPN non meraki issue.JPG

 

VPN non meraki issue2.JPG

VPN non meraki issue3.JPG

10 REPLIES
Getting noticed

Re: non-meraki site-to-site

I see you are using a Custom IPsec Policy. I would double and triple check them, as Phase 1 isn't connecting. If all looks right, try using the default profile and see if it will connect.
Getting noticed

Re: non-meraki site-to-site

I just changed it, will give it a few minutes.

VPN non meraki issue4.JPG

Getting noticed

Re: non-meraki site-to-site

Should the public IP and WAN be different?

Getting noticed

Re: non-meraki site-to-site

Generally no... What are the ISPs for these setups? Are they using home routers? You almost always need to do some port forwarding/DMZ setup on the router.
Kind of a big deal

Re: non-meraki site-to-site

A common cause of a phase 1 error is a mismatching PSK. I have also had issues in the past with complex PSKs and issues with specific special characters. Perhaps try a simple PSK to begin with, like "password".

 

Are the public IPs directly on each WAN interface of each MX, or is one/both of them behind a NAT gateway?

Getting noticed

Re: non-meraki site-to-site

One MX is connecting using cellular.

The other one is a direct link.

Getting noticed

Re: non-meraki site-to-site

So I don't want to open another topic, but I am still not winning, and my ISP says they haven't blocked any ports.

 

Client VPN doesn't work

Auto VPN doesn't work

Non-Meraki VPN doesn't work

 

I am literally losing it

New here

Re: non-meraki site-to-site

Do you have the exact same IPSec policies set on both devices as well as the PSK? Also make sure you put in all of the private subnets you want to be able to traverse the tunnel in there because your screenshots show 192.168.8.x failing but you don't have that subnet in either VPN.

Kind of a big deal

Re: non-meraki site-to-site

Who is your ISP?

Getting noticed

Re: non-meraki site-to-site

Local ISP - Metrofibre in South Africa

 

OK, so I changed the local subnet to 192.168.0.0/24 and added it to my local subnet to go via VPN.

I see it moved from stage 1 to stage 2, or did it?

VPN non meraki issue6.JPG
