Hey @blind3d , No worries 🙂 So, I'm not sure if it's a naming convention problem, but there were a couple of things that nagged me on the config you sent me. On the Meraki side, you have a remote ID set to "empty", yet on the Palo Alto's side, your local ID is set to the Palo Alto's IP. I would normally recommend using the ID fields when one of the two sides is behind NAT; on the side where you have NAT you'd want to put the private IP on your uplink interface as your local ID, and you'll need to match it on the remote side with the Remote ID field. The other thing that I'm a bit confused about is the "IPSec GW" configuration on the Palo Alto side. Is that the essentially a subnet pair? Do you happen to have a screenshot of that section (even a mock one)? @CCL_CO , in the majority of instances it seems to be a mismatch in either phase 2 configuration or the establishment of the SAs (possibly because of the KB I mentioned above), so there's no one-size fits all solution yet. Could you please share some more details around your configuration (please replace the IP addresses with fake ones!)? Many thanks! Giac
... View more
From another thread https://community.meraki.com/t5/Security-SD-WAN/VPN-stops-passing-traffic-between-Meraki-Security-Appliances-and/td-p/1505 Advised me to look into the anti-replay window between the meraki and the watchguard firewall. Having issue of phase2 just hanging they turned off nat-T but another user referenced anti-replay.
... View more