I am working with a client that has Meraki MXs at each of their 5 sites and each site has a S2S back to our datacenter. Every site seems to be functioning fine except for their main site. The tunnel went down earlier today and came back up but all subnets weren't reachable and I had to initiate traffic from the servers at the datacenter to bring the SAs back up. All the sites are configured the same for VPN tunnels. Phase 1 we are using IKEv1, 3DES, SHA1 and Phase 2 we are using AES256 SHA1 no PFS on both sides. We are also using a lifetime of 28800 on both sides. We have confirmed both sides match. I have seen in some Meraki forums that Meraki had to disable NAT-T on the backend and lifetimes also had to be adjusted. The Meraki is running 18.211.2 and the ASAv is running 9.12.4.67. I am not sure where to go next and just want to put this issues to bed. Any help would be greatly appreciated. ... View more

I have a client that decided to switch ISPs on their own. AT&T installed an MX67. They gave the customer a /29 block. They configured the MX67 in passthrough. The Meraki WAN is configured with .122 in the block and it's default gateway is set to .121. The ISP told us we could just plug the SonicWall into one of the open LAN ports  on the Meraki and we could use the next IP in the block .123. We have been unable to get this to work. We even tried configuring a laptop in the static block and it's not working either. Am I missing something to make this work? I am unable to ping .121 and .122 from the SonicWall as well. ... View more

Hello all,   We have a client that has a MX84. They also have a Palo Alto that is managed by another vendor but sits inside the network and they have servers that sit behind the Palo Alto. Is it possible to configure a non Meraki VPN between the MX and the Palo using a private IP for the peer address? If you have any other questions please let me know ... View more