Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join now- About Phi1001
About Phi1001
Phi1001
Here to help
Member since May 2, 2025
Jul 18 2025
Community Record
17
Posts
7
Kudos
0
Solutions
Badges
Jul 18 2025
5:40 AM
Sir, I switched to ikev1 and I could communicate with all of their VLANs. But, when I changed the peer id from its primary IP address to their FQDN. It isn't working anymore. Please help
... View more
Jul 17 2025
6:54 AM
2 Kudos
Okay. A part of the problem is fixed. I can reach both the subnets when I switched over to ikev1. Now, I have to configure VPN failover on Palo Alto. I have created two tunnels to each of their WANs. Does Meraki need to configure two separate tunnels from each of their WAN connections?
... View more
Jul 15 2025
12:58 PM
2 Kudos
Damn..😂😂😂...sorry for my wrong choice of words. I'll keep your advice in mind though. It will helpful in a different ball game
... View more
Jul 15 2025
8:48 AM
For one of their VPNs, I have to configure 192.168.67.0/24, 10.67.41.0/24. I am not sure how to club them ..
... View more
Jul 15 2025
6:58 AM
2 Kudos
Ok.. So, they have multiple tunnels. I fixed one of them. They have 3 subnets - 10.2.1.0/24, 10.2.19.0/24, 10.2.71.0/24. But, I used 10.2.0.0/16 as the remote subnet which encompasses all of them.. Apparently, that fixed the issue and they can reach our server now from all the VLANs. I am not sure if it is a permanent fix. And, I should use their FQDN since they have dual WAN connections and they can only carry out the VPN failover if we configure their FQDN
... View more
Jul 11 2025
10:49 AM
Sure, I will share the ike configuration in a bit .. I don't have nat traversal on since the client said that they didn't have any nating device between their isp modem and meraki. However he has nat traversal as auto on his side. I have made my side,palo alto, passive since I read in an article that said if we have to configure our side as passive if the peer is using dynamic wan ip address.
... View more
Jul 11 2025
10:15 AM
Thank you for your response, Sir. I tried using ikev1 but apparently, Palo Alto doesn't support peers using FQDN in Ikev1 .
... View more
Jul 10 2025
12:57 PM
I don't think so
... View more
Jul 10 2025
11:05 AM
Hello Corey, We have policy-based VPNs and not route-based. We have one default route for all the VPNs.
... View more
Jul 10 2025
11:04 AM
FYI, Meraki has dual WAN. And I have configured Palo Alto to accept dynamic Peers with remote Ike ID being their FQDN. If it makes any difference
... View more
Jul 10 2025
5:51 AM
VPN between our palo alto and client's meraki is up. but only one subnet of the client out of 4 is reachable. Subnets are added on both sides of the VPN. What could be the issue? Really need your help here
... View more
Labels:
- Labels:
-
Firewall
May 5 2025
5:24 AM
1 Kudo
Thank You, Sir. I'll try that.
... View more
May 5 2025
5:24 AM
Thanks for the information. Currently, phase 1 lifetime is set to 28800 seconds for phase 1 and 3600 seconds for phase 2. But, as per your article, both lifetimes are set to 28800 by default. I will change the phase 2 lifetime to 28800 seconds and try again.
... View more
May 2 2025
8:08 AM
We have an ikev1 site-to-site VPN between client's Meraki and our Palo ALto. The issue is as follows : The VPN goes down after the phase 2 lifetime expires and doesn't renegotiate on its own. It only comes up when the traffic is initiated from Meraki's side and remains active until the pings from Meraki are going on. Please advise. How do we fix this issue.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 1672 | |
| 2 | 1782 | |
| 2 | 1816 | |
| 1 | 1387 |
© 2025 Cisco Systems, Inc.
