site-to-site VPN connection Dropping

TLO3346
Getting noticed

site-to-site VPN connection Dropping

Hello Everyone, 

I have around 10 Networks that are independent hubs that have site to site VPN enabled to each other.

For some reason, some site to site VPN connections (it's not occurring for specific networks but would be totally random) will drop during "after hours (6PM- 5AM)" of the day then come back online a few minutes later. So it doesn't affect the network during the work time of the day.

I get around 5 alerts every night due to this alert and can't seem to figure out why.

This is not that big of an issue as it doesn't affect the network during the day but it would drop our phone switch connections which won't come back online the next day. 

 

Any thoughts? 

 

Thank you!

8 REPLIES 8
Inderdeep
Kind of a big deal
Kind of a big deal

@TLO3346 :  Any troubleshooting done ?

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Troubleshooting

 

Other helpful thread 

https://community.meraki.com/t5/Security-SD-WAN/MX-to-MX-Site-to-Site-VPN-Dropping-Packets/td-p/5577...

 

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal
Kind of a big deal

These are AutoVPN connections?

 

Is the public IP address directly on the MX, or is it sitting behind another device doing NAT?

PhilipDAth
Kind of a big deal
Kind of a big deal

Any chance a staff member is switching something off when they go home?

HowardGrace
New here

A similar problem. The VPN is often reconnected to another IP. I'm also looking for a solution!

@Inderdeep Troubleshooting doesn't address intermittent device VPN connections going down. And PacketLoss I think is a different issue than my own as the device it self drops from the network completely for a few minutes. No red detected in VPN statuses.

 

@PhilipDAth These are AutoVPN connections?

Yes. 

@PhilipDAth Is the public IP address directly on the MX, or is it sitting behind another device doing NAT?

Directly on MX.

@PhilipDAth Any chance a staff member is switching something off when they go home?

I do not believe so as these events happen only for a couple minutes at a time at random times at night.

 

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

That is unusual.  I assume you are using the latest stable firmware?

 

I wonder if the ISP is doing after-hours maintenance.

Bruce
Kind of a big deal

@TLO3346 Do you have a static IP address? Or could this be the ISPs DHCP or PPPoE issuing you a new IP address?

TLO3346
Getting noticed

 @Bruce I don't believe so, we have static IPs on all disconnecting sites.

 

@PhilipDAth That's a good though but we also have two WAN IPs at these sites so it should have just done load balancing to the other WAN if one fails but it just falls off the network and no messages regarding the WAN disconnecting is never recorded.

 

Could these be False Positives??

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels