non-meraki site-to-site

route_map
Building a reputation
Hi team

If I have 2 organizations, one using MX65 and one MX64, do I have to configure non-Meraki VPN?

I have followed the guides to a tee, stuck with the below error

[Screenshot: VPN non meraki issue.JPG]

[Screenshot: VPN non meraki issue2.JPG]

[Screenshot: VPN non meraki issue3.JPG]

Cmiller
Building a reputation

I see you are using a Custom IPsec Policy. I would double and triple check them as Phase 1 isn't connecting. If all looks right, try using the default profile and see if it will connect.

route_map
Building a reputation

I just changed, will give it a few minutes

[Screenshot: VPN non meraki issue4.JPG]

route_map
Building a reputation

Should the public IP and WAN be different?

Cmiller
Building a reputation

Generally no.... what are the ISPs for these setups? Are they using home routers? Almost always need to do some port forwarding/DMZ setup on the router.

PhilipDAth
Kind of a big deal

A common cause of a phase 1 error is a mismatching PSK. I have also had issues in the past with complex PSKs and issues with specific special characters. Perhaps try a simple PSK to begin with like "password".

Are the public IPs directly on each WAN interface of each MX, or is one/both of them behind a NAT gateway?

route_map
Building a reputation

One MX is connecting using cellular

Other one is a direct link

route_map
Building a reputation

So I don't want to open another topic, but I am still not winning and my ISP says they haven't blocked any ports.

Client VPN doesn't work

Auto VPN doesn't work

Non-Meraki VPN doesn't work

I am literally losing it

Do you have the exact same IPSec policies set on both devices as well as the PSK? Also make sure you put in all of the private subnets you want to be able to traverse the tunnel in there because your screenshots show 192.168.8.x failing but you don't have that subnet in either VPN.
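
The side-by-side comparison suggested in the reply above (identical IPsec policy and PSK on both peers, and every subnet that should cross the tunnel listed on both sides), as an added example that is not part of the original thread. The field names and both site definitions are constructed for illustration and are not Meraki dashboard or API fields.

```python
import ipaddress

# Hypothetical field names; both peers must agree on every one of these.
MUST_MATCH = ["ike_version", "p1_encryption", "p1_hash", "p1_dh_group", "p1_lifetime",
              "p2_encryption", "p2_hash", "p2_pfs_group", "p2_lifetime", "psk"]

def _covers(subnets, addr):
    """True if addr falls inside any of the listed CIDR subnets."""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(n) for n in subnets)

def check_tunnel(a, b, flows=()):
    """Compare two peer definitions and return a list of findings (empty = consistent)."""
    findings = []
    for key in MUST_MATCH:
        if a[key] != b[key]:
            # Never echo the PSK itself into output or logs.
            detail = "values differ" if key == "psk" else f"{a[key]!r} vs {b[key]!r}"
            findings.append(f"{key}: {detail}")
    # What one side lists as local must be what the other side lists as remote.
    for x, y in ((a, b), (b, a)):
        local = {ipaddress.ip_network(n) for n in x["local_subnets"]}
        remote = {ipaddress.ip_network(n) for n in y["remote_subnets"]}
        for net in sorted(local ^ remote, key=str):
            findings.append(f"subnets: {net} not on both {x['name']} local and {y['name']} remote")
    # Traffic expected to cross the tunnel must fall inside the configured subnets.
    for src, dst in flows:
        if not (_covers(a["local_subnets"], src) and _covers(b["local_subnets"], dst)):
            findings.append(f"flow: {src} -> {dst} not covered by tunnel subnets")
    return findings

# Constructed sample data: site-b has a different phase 1 DH group, and the
# test flow starts in 192.168.8.0/24, which neither side lists.
BASE = dict(ike_version=1, p1_encryption="aes256", p1_hash="sha1", p1_dh_group=14,
            p1_lifetime=28800, p2_encryption="aes256", p2_hash="sha1",
            p2_pfs_group=None, p2_lifetime=3600, psk="constructed-example-psk")
SITE_A = dict(BASE, name="site-a", local_subnets=["192.168.128.0/24"],
              remote_subnets=["10.0.0.0/24"])
SITE_B = dict(BASE, name="site-b", p1_dh_group=2, local_subnets=["10.0.0.0/24"],
              remote_subnets=["192.168.128.0/24"])

if __name__ == "__main__":
    for line in check_tunnel(SITE_A, SITE_B, flows=[("192.168.8.10", "10.0.0.5")]):
        print(line)
```
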

PhilipDAth
Kind of a big deal

Who is your ISP?

route_map
Building a reputation

Local ISP - Metrofibre in South Africa

OK, so I changed the local subnet to 192.168.0.0/24 and added it to my local subnet to go via VPN

I see it moved from stage 1 to stage 2, or did it?

[Screenshot: VPN non meraki issue6.JPG]
