SITE TO SITE VPN is not working

Marc1
Comes here often

Hello Together
 
I have a problem in my network with the Site to Site VPN. My MX are all online and have an Internet connection. But the connection between the two sites does not work. With VPN status, everything looks fine except for the connectivity between the two sites. My site A is configured as a hub under Site to Site VPN and site B as a spoke.
 
Does anyone have an idea what the problem might be here?
 
Thanks!
 
12 Replies
merakichamp
Building a reputation

@Marc1 just check this site, it might help you identify the issue:

 

 Site-to-Site VPN Troubleshooting

Marc1
Comes here often

Hi @merakichamp 

 

Thanks for your reply.

I already troubleshot with this site.

The MX84 from location A is connected to a D-Link 4G router, which runs DHCP. Is it possible that a rule needs to be created on the D-Link?

merakichamp
Building a reputation

So you have a non-Meraki device in the topology, right?

Marc1
Comes here often

The D-Link Router is my Gateway to the Internet.

AnythingHosted
Building a reputation

Have you put the MX IP in the DMZ on the D-Link router?
Marc1
Comes here often

Yes

Marc1
Comes here often

Do you know if I need to make any specific settings on the ISP router? Or do you have another idea what it could be?

AnythingHosted
Building a reputation

We have deployed several sites where the MX sits behind the BT modem/router.

We plug the WAN port of the MX into one of the LAN ports on the BT router, and then set the MX IP to be in the DMZ and set this to a fixed assignment. Both Site-to-Site and Client VPN work.
PhilipDAth
Kind of a big deal

Can you give the MX a reboot?

Marc1
Comes here often

I already rebooted the whole network.

merakichamp
Building a reputation

@Marc1 if you have considered all the necessary troubleshooting steps, then I suggest you contact Meraki support, or @MerakiDave, who is here, can assist.

MerakiDave
Meraki Employee

@Marc1 it sounds like you've been through all the basic troubleshooting and rebooting equipment just in case, you have your two MX appliances connected and they are online in Dashboard and have good connectivity out of each location, but the site-to-site VPN tunnel is not coming up.

I'm assuming when you go to Security & SD-WAN > Monitor > VPN Status, you can see the VPN peer listed in the table but perhaps it's all red with no connectivity and the usage/latency numbers might be 0. At the top of that page, look over the connectivity graph, is it all red or green or alternating, and if you hover over different pieces of it, is there anything about being unable to connect with the VPN Registry?

I'm assuming you have the local LAN subnets included in the VPN on the site-to-site configuration page. Also make sure you did not leave the local LAN subnets at the default on both MX appliances, otherwise you would have the default 192.168.128.0/24 in both places so I'm assuming they're unique subnets. Also take a peek at Security & SD-WAN > Monitor > Route Table and make sure that looks as you would expect.

If it seems like everything is configured as it should be and the S2S is just not coming up, I'd go ahead and open a ticket with Meraki Support, they will be able to check on the back end if and where the appliances are getting stuck building the tunnel.
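
The unique-subnet check from the reply above, as an added example that is not part of the original thread and not Meraki tooling: it takes the local subnets each site includes in the VPN and reports every pair that overlaps across sites, including one subnet containing another, plus which sites still use the default 192.168.128.0/24. The site names and subnet lists are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Default MX LAN subnet named in the reply above.
MX_DEFAULT = ipaddress.ip_network("192.168.128.0/24")


def parse(subnets):
    # strict=False accepts entries typed with host bits set, e.g. 10.1.0.1/24
    return [ipaddress.ip_network(s, strict=False) for s in subnets]


def vpn_subnet_conflicts(sites):
    """sites: {site name: [CIDR strings included in the site-to-site VPN]}.

    Returns (site_a, net_a, site_b, net_b) for every pair of subnets from
    different sites that overlap: identical, or one inside the other.
    """
    parsed = {name: parse(nets) for name, nets in sites.items()}
    conflicts = []
    for (a, nets_a), (b, nets_b) in combinations(sorted(parsed.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                if na.version == nb.version and na.overlaps(nb):
                    conflicts.append((a, str(na), b, str(nb)))
    return conflicts


def sites_on_default(sites):
    """Sites that still include the default MX LAN subnet in the VPN."""
    return sorted(n for n, nets in sites.items() if MX_DEFAULT in parse(nets))


# Constructed sample: both sites left on the default LAN, and the spoke also
# uses a /24 that sits inside a /16 on the hub.
SAMPLE = {
    "Site A (hub)": ["192.168.128.0/24", "10.10.0.0/16"],
    "Site B (spoke)": ["192.168.128.0/24", "10.10.20.0/24"],
}

if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in vpn_subnet_conflicts(SAMPLE):
        print(f"OVERLAP: {site_a} {net_a} <-> {site_b} {net_b}")
    print("Still on default subnet:", ", ".join(sites_on_default(SAMPLE)))
```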