Hi everyone, I've been having some major issues with a Meraki MX80's VPN to one site previously running a Cisco 89x series and now a Ubiquiti EdgeRouter ER8-Pro. MX80 is on firmware 13.28. IPSEC has 3DES/SHA1 with lifetime of 86400 for both Phase 1 and 2.

What I've found is that if a change is made in the site-to-site VPN settings - such as adding/removing a subnet on any of the peers - the Meraki closes ALL tunnels and recreates them. When this happens, certain types of traffic stop passing through the tunnel to this site. For all intents and purposes the tunnel is up, however not everything works. At the Cisco/Ubiquiti end, this manifests as failed authentication attempts to domain controllers, file shares stop working etc. The only way to fix it is to restart IPSEC on the Cisco/Ubiquiti end. I can recreate this like clockwork by simply making a change to one of the peers on the Meraki console. Within a few seconds, the tunnels drop and recreate fine but with only some of my traffic passing through.

Tonight I've had a breakthrough. By adjusting the MSS down to a conservative 1300 on all interfaces, the problem has magically gone away. As soon as I made the change, traffic started flowing freely. I didn't need to restart IPSEC, it literally just came good. I then made 10+ changes to the Meraki peer console to try and force it to break, and each time the tunnel would drop, recreate and resume normal operation.

Obviously it's too early for me to say whether this has completely resolved it, but I thought it worth sharing as I've tried almost everything else and hopefully it points someone in the right direction.

EdgeOS Commands:

    set firewall options mss-clamp interface-type all
    set firewall options mss-clamp mss 1300
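Added example (not part of the post above, and not Meraki or Ubiquiti code): a small calculator that estimates the largest TCP MSS that fits through an IPv4 ESP tunnel without fragmentation, so a clamp value like the 1300 used above can be sanity-checked against the actual encapsulation overhead. It goes a little beyond the post's 3DES/SHA1 case by including a few other ESP suites. Header sizes follow the ESP, 3DES-CBC, HMAC-SHA1-96 and UDP-encapsulation RFCs; the assumption that the tunnel runs over a 1500-byte path, with or without NAT-T, and that the peers add no extra framing is mine, not something the post states.

```python
# Added example, not from the original post. Estimates ESP tunnel overhead and
# the largest TCP MSS that still fits the path MTU without fragmentation.
# Assumptions (not from the post): IPv4 outer and inner headers, no inner
# TCP options unless given, path MTU of 1500, optional NAT-T UDP encapsulation.
from dataclasses import dataclass

IPV4_HDR = 20
TCP_HDR = 20
UDP_HDR = 8          # NAT-T (UDP/4500) encapsulation header, if in use
ESP_HDR = 8          # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1)


@dataclass(frozen=True)
class EspSuite:
    name: str
    iv_len: int       # IV bytes placed in front of the encrypted payload
    icv_len: int      # integrity check value bytes appended after the trailer
    pad_align: int    # encrypted payload + trailer is padded to this boundary


# Standard sizes: 3DES-CBC has an 8-byte IV/block, AES-CBC 16, HMAC-SHA1-96
# truncates to 12 bytes, HMAC-SHA256-128 to 16, AES-GCM uses an 8-byte IV,
# a 16-byte ICV and only ESP's minimum 4-byte alignment.
SUITES = {
    "3des-sha1": EspSuite("3DES-CBC / HMAC-SHA1-96", 8, 12, 8),
    "aes128-sha1": EspSuite("AES-128-CBC / HMAC-SHA1-96", 16, 12, 16),
    "aes128-sha256": EspSuite("AES-128-CBC / HMAC-SHA256-128", 16, 16, 16),
    "aes128-gcm": EspSuite("AES-128-GCM / 16-byte ICV", 8, 16, 4),
}


def esp_packet_len(inner_len: int, suite: EspSuite, nat_t: bool) -> int:
    """On-the-wire size of an inner IPv4 packet of inner_len bytes once ESP-encapsulated."""
    payload = inner_len + ESP_TRAILER
    padded = -(-payload // suite.pad_align) * suite.pad_align   # round up to alignment
    outer = IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + suite.iv_len
    return outer + padded + suite.icv_len


def max_mss(mtu: int, suite: EspSuite, nat_t: bool, tcp_options: int = 0) -> int:
    """Largest TCP payload whose encapsulated packet still fits in mtu bytes."""
    fixed = IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR + suite.iv_len + suite.icv_len
    room = mtu - fixed                          # bytes left for padded payload + trailer
    padded = room - room % suite.pad_align      # largest aligned block that fits
    inner_max = padded - ESP_TRAILER            # largest inner IP packet
    return inner_max - IPV4_HDR - TCP_HDR - tcp_options


def clamp_is_safe(clamp: int, mtu: int, suite: EspSuite, nat_t: bool) -> bool:
    """True if a segment of clamp bytes never needs fragmentation on this tunnel."""
    return esp_packet_len(IPV4_HDR + TCP_HDR + clamp, suite, nat_t) <= mtu


def main() -> None:
    mtu = 1500
    print(f"Path MTU {mtu}: largest MSS that avoids fragmentation")
    for key, suite in SUITES.items():
        plain = max_mss(mtu, suite, nat_t=False)
        natt = max_mss(mtu, suite, nat_t=True)
        print(f"  {suite.name:32s} no NAT-T: {plain}  NAT-T: {natt}")
    # The default 1460 MSS of a 1500-byte LAN versus the 1300 clamp from the post.
    s = SUITES["3des-sha1"]
    for clamp in (1460, 1300):
        print(f"  MSS {clamp} on 3DES/SHA1 with NAT-T -> "
              f"{esp_packet_len(IPV4_HDR + TCP_HDR + clamp, s, True)} bytes on the wire, "
              f"{'OK' if clamp_is_safe(clamp, mtu, s, True) else 'FRAGMENTS'}")


if __name__ == "__main__":
    main()
```

For the post's 3DES/SHA1 suite this gives an upper bound of 1406 (1398 with NAT-T) on a 1500-byte path, so a 1300 clamp leaves about 100 bytes of headroom for anything the calculator does not model, such as PPPoE or extra outer headers on the WAN. The same overhead explains why only some traffic broke: small segments (pings, DNS, a TCP handshake) fit regardless, while full-size segments carrying Kerberos tickets or SMB data needed fragmentation and were silently lost.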