vMX - Tunnel is up but when trying to reach the remote end RTO.

BaronCSE
Here to help

vMX - Tunnel is up but when trying to reach the remote end RTO.

I have 2 tunnels that is up on the VPN Status page but when trying to ping the remote devices on the other tunnel I can't reach it and the remote devices is active and can be pinged by other network devices that has separated tunnel.

 

I have vMX which I manage and a remote end to Azure GW. When I rebooted the vMX it suddenly works.

I checked the logs nothing came up it just says remote connection is establish yet I can't see any replies from the remote end.

9 REPLIES 9
alemabrahao
Kind of a big deal

Is it non meraki vpn peers? Does it happen on the other side too?

The remote peer is Azure GW a non-Meraki peer. The remote end also can't ping and doesn't see any response.

v2. Configs are correct and it was working for almost 1 week then it just stopped working even the tunnels are up I can't reach the remote end.

Perfect, one more question, have you updated your MX recently? I had some issues like this in the past, but in my case, it happened after the upgrade.

I have the 16.15 last week and I upgraded it to 16.16 because the issue was that all the tunnels is up but can't see any responses from the other end when trying to ping. After the upgrade to 16.16 the issue was resolved then after a week the issue came back but this time it's only one tunnel. Note I only have 2 tunnels for ASA and Azure.

MarcP
Kind of a big deal

If there has been nothing done on both sites and its comes back after upgrading to the newest firmware, you should open a case at Meraki.

Well, I ran into a few issues during the setup, and here are some of the errors I did and how I corrected them.

1- Azure VPN gateway was set to route-based. I had to delete the VPN gateway and recreate the gateway with the VPN type as Policy-based
1- When configuring the site-to-site VPN on the Meraki dashboard, ensure the private subnets equal the address space configuration for your Azure virtual network.

Guess what, my on-prem lost reachability this Sat. The remote end is ASA but the Azure GW can still be reachable.

BaronCSE_0-1649074680927.png

This log was last week with Meraki support not sure why Azure is sending delete packet.
Gonna try to find out what happen to the on-prem.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels