We made an update from version 18.107.2 to 18.211.2, and since then the phase 1 handshake fails after the 5th packet. For additional reference, there is a FortiADC load balancer in front of the Meraki.

We already performed a lot of different tests (different SNATs, DNAT), but what we see in Wireshark is that the first 4 packets are always correctly handled between the LB and the Meraki in a single UDP stream. Then the 5th packet is sent from the LB to the Meraki in a new UDP stream, and the Meraki answers with an ICMP TTL exceeded packet, causing the IPsec VPN to fail.

We also noticed that when there are no active sessions on the Meraki, the first user who tries to establish a VPN tunnel is successful. Any additional attempts result in the ICMP TTL exceeded error.

Is this a bug in this version, or does it interfere with any non-optimal setting on the LB? The LB is simply configured in Layer 4 mode with a UDP profile and doing a SNAT. With the old software version everything runs fine without any changes on any other component.

Any ideas how to further troubleshoot this?

Thank you!

Regards,
Stefan