site-to-site tunnel connection details on MX

BrentB
Comes here often

Hello,

 

Relatively new to the Meraki world and the MX devices. We created a site-to-site tunnel with an MX in another organization. The users have reported issues accessing resources on our end, and I am trying to see what details we can get on the link. The VPN status usage & latency on the MX seems to be overall, and I seem to be unable to drill down into details on the specific peer link. Have I just been missing where to look?

RWelch
Head in the Cloud

Site-to-Site VPN Troubleshooting 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
BrentB
Comes here often

That is just it... everything for a single day or for the past week has all been green. There are other Meraki devices such as Z1s or Z3s that are connected, and we have nothing from those end users. I was hoping to be able to isolate the specific tunnel and see if it would give me any usage or latency details, as they say high latency would cause the issues they are facing.

RWelch
Head in the Cloud

If you go into the VPN status page and select the PEER status it will show latency (avg) for that VPN.

RWelch
Head in the Cloud

Is there data flow to/from the MX Z appliances?  Seems odd if they are active that you have no visibility on their status.

tnco
Conversationalist

Is your VPN connection normal?

If it is not normal, there may be a problem with the uplink, so you need to troubleshoot according to the documentation.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshoo...

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Troubleshooting

 

Uplink historical data is also useful for investigating the uplink. If the results are bad, you will know that there is a problem with the uplink.

 

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Appliance_Status/MX_Uplink_Settings#His...

RWelch
Head in the Cloud

Have you enabled the HUB local resources they are trying to reach remotely (VPN mode ENABLED)?

Dashboard > Security & SD-WAN > Configure > Site-to-Site VPN under VPN Settings (Local Networks)?

PhilipDAth
Kind of a big deal

A common issue with MX when using IKEv2 is that only a single (source, destination) subnet combination can be active at a time.  So if you have 3 subnets in the first org and 4 in the second, of the 12 combinations only 1 can work at a time.  IKEv1 doesn't have this issue on MX.  Consider using IKEv1 if you are not already.

If one of the orgs has a lot of sites, a more scalable solution is to get an additional MX and run it in VPN concentrator mode.  Add it to org1, and install it behind a hub MX in org2.

In org2, add static routes pointing to the org1 MX behind it, and distribute those into AutoVPN.

In org1, add "local routes" to the VPN concentrator sitting inside of org2.

Then all spokes (and hubs) can talk to all other spokes (and hubs).

RWelch
Head in the Cloud

Good to know info, now I'm going to go back and look to see if my site connections are v1 or v2. 🤔🤔🤔
