vpn_type: site-to-site, peer connectivity issue

vmx
Comes here often


Hi,

 

I am getting the below error message from a branch Meraki MX 250 to a vMX100 which is in AWS. This error is occurring at different intervals, with 1 minute of downtime every day. Please let us know what the cause of this error is and how to solve it.

 

Error:

The site-to-site VPN connection to Amazon Web Services is now up.


At 02:45 PM the site-to-site VPN connection to Amazon Web Services came up
At 02:45 PM the site-to-site VPN connection to Amazon Web Services went down.

 

 

BrechtSchamp
Kind of a big deal

Are you using AutoVPN or 3rd party VPN for this tunnel?

vmx
Comes here often

It's AutoVPN. The AWS vMX is configured as a hub and the branch MX devices are configured as spokes.

BrechtSchamp
Kind of a big deal

Okay, in that case I'd get into contact with the Meraki helpdesk. AutoVPN is kind of like magic, so unless it doesn't work at all I'd expect it to be stable.

 

Maybe there's instability on the Meraki shard you're connected to, and it needs to be changed.

 

Meraki helpdesk will be able to check in the backend what is happening.

vmx
Comes here often

Thanks for your response. Please let us know if anything needs to be done in Meraki.

BrechtSchamp
Kind of a big deal

I recommend opening a helpdesk case. Click Help > Cases and then the New Case button.

vmx
Comes here often

Thanks for your help. If I raise a case, will all the organization administrators get alerts with the case ID?

BrechtSchamp
Kind of a big deal

All administrators will be able to see the case in the Help > Cases page. But only you will get an e-mail when Meraki responds.

vmx
Comes here often

Ok. Thanks for your prompt response.

PhilipDAth
Kind of a big deal

Very rarely you get a physical host in Amazon AWS with an issue.  I would try shutting down the VMX and then starting it (don't do a reboot - it must be a shutdown).  This usually moves you onto new physical hardware.  I think I would try this first.

 

I've never had to do it for the VMX - but you could consider using the manual port forward for the VMX in Amazon.

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Settings#NAT_Traversal

 

If you do this, make sure you create a firewall rule in Amazon to allow the specific port through.

GreenMan
Meraki Employee

All good ideas posted already, but I just wanted to check;  do you have other MXs also with AutoVPN tunnels into the same vMX?   If so - are those stable?   I assume so, but have you checked the stability of the uplink on the Spoke MX itself?

vmx
Comes here often

Yes, we have other MXs and those are stable. Uplink stability is also fine. We dug deeper into this issue and identified the connectivity error on the spoke WAN2 uplink, which is in Ready state. The same logs were also observed from the vMX for this particular spoke location's WAN2 uplink alone.

 

No error was observed from the other spoke locations' MXs.

vmx
Comes here often

Can someone help me understand why this alert is triggering from this particular spoke location's warm spare interface alone?

vmx
Comes here often

Sorry. Ignore my previous update. It's not a warm spare. It is the WAN2 interface, which is in Ready state on the same device.

vmx
Comes here often

Now we have observed the same error from other spoke location MXs. Please let us know the cause of this issue and how we can mitigate it.

GreenMan
Meraki Employee

I think you need to raise a Support case for this.