Meraki

SopheakMang · ‎Feb 23 2020

Dear expert ,

normally when my branch have dplc connect to HQ , i just can form VPN to HQ just fine and fast.

but when my new branch has only internet , and we also use MX at that branch. we try to form vpn to HQ via public ip.

vpn takes so long to get start and not working ,when ping to local server or internet.

my question : do we mis config ? or do we need to allow inbound port on our internet firewall at HQ ? ( we use Paloalto ) as internet firewall. i don't know if paloalto block session of these udp port or not. pls help verify

RichardChen1 · ‎Feb 23 2020

Hi @SopheakMang ,

Can you tell me more about your network topology with MX?

Does your branch have local internet or via HQ (dplc)?

In general if MX is behind a Firewall, there are outbound ports and public ips to be allowed.

You can find out more from Dashboard -> Help -> Firewall info

SopheakMang · ‎Feb 23 2020

Dear Richard ,

I have DC and DR (VPN concentrator same gateway router ( Paloalto) .

then all of my branch has dplc , but only one branch has local internet ( which is not working like other branch that has local dplc) , these branch are added into same template. but the branch that has local internet seem can't peer vpn to HQ.

RichardChen1 · ‎Feb 24 2020

On your vpn concentrator make sure the public ip and ports are allowed on PA.

Dashboard -> Help -> Firewall info

On the spoke MX, go to dashboard -> Monitor -> VPN Status see if you have any error message.

Meraki

Community

site2site VPN to HQ

site2site VPN to HQ