Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About RB___
RB___
Here to help
Member since Mar 5, 2019
10-21-2021
Community Record
16
Posts
21
Kudos
0
Solutions
Badges
05-14-2021
11:56 AM
2 Kudos
That was it! So for anyone else stumbling on this post what I had to do was configure the Remote ID field the same as the Public IP field of the peer on the MX68. Once I did that and all the other settings were matching the tunnel came up instantly and I was able to pass traffic.
... View more
05-13-2021
09:44 PM
Hey @endrianusgohan! I seem to be experiencing the same issue as you did, but haven't gotten mine to work. Could you provide me with the exact Remote ID config that you used on the MX? For example in my case the peer has public IP 207.16.X.X, and only a single LAN with the peer being 10.1.1.1 (10.1.1.0/24 being the remote subnet I am trying to reach). So in my case would I configure 10.1.1.1 as the Remote ID on the Meraki? Any clarity you can provide would be greatly appreciated!
... View more
05-13-2021
09:42 PM
1 Kudo
Oh this could be something! I am going to try this tomorrow and see if it works. Fingers crossed! Will updated when I can
... View more
05-13-2021
02:13 PM
Interesting point Bruce thanks! I am on the newest 15.42.1 firmware for the MX68. I currently do not have the Local or Remote ID configured for the peer on the MX68 (Just obviously the public IP that the peer has). I do not see anywhere on the Ubiquiti end where I can configure a Local or Remote ID but I will have another look. Their GUI is not friendly... and the user guide documents are not detailed enough. Thanks!
... View more
05-13-2021
06:50 AM
Should be. I remember copy and pasting the PSK again on each end when I was trying to bring it up. I will be trying it again this coming Monday. I will first be trying to do it with PFS disabled, since I have read that sometimes that causes problems. And I will be sure to take packet captures this time to see the packet info. Thanks!
... View more
05-12-2021
07:39 AM
Hey Marc, So I was replacing an existing EdgeRouter Lite with the MX68. the EdgeRouter Lite had the VPN tunnel established originally so shouldn't be an issue with FW rules or the ISP router blocking the IPsec ports. Definitely have the correct subnet on the MX68 side and it is enabled (on) for S2S VPN as well. Public IPs are all good as well. The one thing that may cause an issue is PFS. So originally I saw that PFS was off on Meraki, but appeared enabled on the EdgeRouter Lite. So I enabled PFS on the MX68 but that didn't seem successful. Should I try with disabling PFS on both devices instead? When I check the event log on the Meraki it appears that Phase 1 is successful but Phase 2 is failing. These seem to be the errors I am getting: THanks,
... View more
05-11-2021
07:02 PM
Hi guys, I am having a very difficult time to get a VPN tunnel up between my EdgeRouter Lite and my Meraki MX68 firewalls. No matter the settings I change I can't seem to be able to pass traffic over the VPN tunnel site to site. I am using IKEv1 on both devices. The shared secret is definitely correct on both ends. These are the VPN settings I am using on the Meraki MX68: Phase 1 Configs AES 128 SHA 1 DH Group 14 Lifetime (seconds) 28800 Phase 2 Configs AES 128 SHA 1 PFS Group Disable Lifetime (seconds) 3600 Remote Subnet: 10.1.1.0/24 And these are the VPN settings I am using on the EdgeRouter Lite. I was not able to change any other config options through the GUI (I am not skilled enough to configure it through the CLI) AES 128 SHA1 DH Group 14 Local Subnet: 10.1.1.0/24 Remote Subnet: 10.2.1.0/24 From what I know these configurations should work but I just can't seem to get traffic to go over the tunnel. I've tried changing the DH group, lifetime values, enable PFS on the Meraki end for Group 1 etc. Anyone have any insight or experience with and EdgeRoute Lite to Meraki VPN before? Honestly any support will help at this point as I've spent all day on this. I tried getting Meraki support to assist as well and all they mentioned was that Phase 1 was establishing but not Phase 2. Thank you, Ryan
... View more
07-07-2020
01:12 PM
Hi Guys, Currently my setup looks something like this: Edge-MX >>> AutoVPN <<< Main-MX >>> IPSEC <<< ASA The MX at the main site has a VPN peer configured with the ASA and have networks exchanged between them. The Edge and Main sites MX devices uses Meraki AutoVPN for connection between some internal networks. My question is: How do I configure my devices so that the Edge site can access the networks through the ASA VPN peer. Do I need to configure the edge-MX to peer with the ASA as well? Would I just need to setup a static route pointing to the ASA networks using the main-MX as the next-hop? I feel like this should be quite simple but I'm scratching my head about it. Thank you!
... View more
11-21-2019
10:41 AM
1 Kudo
Thanks you @jdsilva ! Reading a little about that, I think that will work for my needs. I will look into it more and get back with any other questions I may have. Appreciate the response!
... View more
11-21-2019
09:12 AM
Hi Guys, I have been tasked at trying to help design/configure a deployment of MX67C's at remote sites to connect them back to the Data Center (Main Site) which will be a MX250 HA pair. Each remote site will follow the IP scheme: 10.SITEID.0.0/16, and have VLANs assigned to the third octet (ex. 10.SITEID.VLAN.0.24). There will be a static route configured at each of the remote sites to point back to the Main Data Center site, and likewise the main Data Center will have a static route pointing to each of the remote locations. This will allow for LAN communication between the Data Center site and the remote locations. My question comes in as to what is the best way to configure/transport the internet traffic to/from the Data Center site and the remote locations? The ISP is going to be giving me /30, and I will be given a single RJ45 handoff at each remote location. Since both the Internet(MPLS) traffic and WLAN traffic will be going over the same link, how would I configure the MX to come online/connect to the dashboard, and pass the internet bound traffic back to the DC? Would I do more static routes? Thank you for your help!
... View more
06-25-2019
11:16 AM
2 Kudos
I have a new avatar!
... View more
03-20-2019
08:36 AM
Looks like you would need to configure a static route for the routing. I believe in your scenario you would configure the static route for the subnet 192.168.10.0 and have the Next Hop IP as that of your gateway (10.4.2.1). Do you also have a default route configured for traffic?
... View more
03-20-2019
08:26 AM
As others have mentioned, connecting to the local configuration page will provide you the ability to confirm whether or not that WAN 1 is statically configured. Ensure that interface is configured for DHCP addressing and then reboot the device.
... View more
03-20-2019
08:02 AM
5 Kudos
Hello everyone, glad to be a part of this awesome community! A bit about yourself & your work I am currently a 22 year old associate systems engineer at my company. I have been in my role for around 2 years all together, including internships. My focus is on R&S but as time/myself moves forward I will be getting into the security avenue of networking. Your experience with Cisco Meraki Currently I have around 8 months of Meraki experience, which included me achieving my CMNO and CMNA. I have done a handful of deployments, one including a full stack for a multi-office 500+ client customer, and a deployment of over 250+ MX devices. A fun fact about yourself I am a photographer for the provinces biggest modified car scene team (I am way to interested in the modified car scene)
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 7 | 30048 | |
| 5 | 19102 | |
| 3 | 23834 | |
| 2 | 914 | |
| 2 | 11112 |
