Community Record: 21 Posts, 8 Kudos, 2 Solutions
Sep 28 2021
9:54 PM
1 Kudo
Hi, I have non-Meraki VPN peers connected to a branch non-Meraki device VPN. Sometimes I can't ping the remote IP. When I checked the logs, it said:

msg: <remote-peer-2|190> closing CHILD_SA net-2-1{1973} with SPIs ccf831e8(inbound) (312 bytes) 49631dcf(outbound) (0 bytes) and TS ip_local === ip_remote

ip_local = my corporate IP subnet, e.g. 10.10.2.0/23
ip_remote = my branch subnet, e.g. 10.10.16.0/20

As a result, I can't ping any IP subnet under 10.10.16.0/20. What happened? Is this because my router is behind NAT, or does it have to do with the internet connection?
Jul 28 2021
5:18 PM
2 Kudos
@Foysol, the support engineer didn't give me any document link for this configuration, but I can share the screenshot from his solution to my case. Hopefully that helps.
Jul 26 2021
11:36 PM
4 Kudos
Hi, It's solved already. Yes, Meraki does have the default setting for DPD. The timer is set to 10 seconds by default, with 5 retries and a max fail count of 5.
Jul 26 2021
6:48 PM
Where can I find these settings?
Jul 26 2021
12:02 AM
Hi, does Meraki support DPD (dead peer detection)? Because my branch appliances use DPD in their settings.
Jun 9 2021
10:22 AM
Hi @Inderdeep, yes, I know. But my question is: I have a Cisco Meraki with an AMP license in HQ. I want to connect a non-Meraki device to HQ using IPsec tunneling. Can the AMP from the Cisco Meraki scan the non-Meraki traffic?
Jun 9 2021
10:13 AM
Hi, will a non-Meraki device get malware scanned by the Meraki when the IPsec tunnel is formed?
Jun 9 2021
9:11 AM
Hi, currently I have 4 sites using Meraki appliances; all of them have the Advanced Security License and all are set to hub mode for the VPN. I want to add another Meraki appliance at another site, but for this site I just want to install it with the Basic Enterprise License. If I set this appliance's VPN mode to hub, will it automatically get scanned for malware threats by all 4 of the other Meraki appliances? How does Meraki choose which one of these 4 appliances will act as the malware scanner when all are set to hub mode?
Jun 6 2021
10:45 PM
Is there any other vendor that does not require licenses to operate?
Jun 5 2021
7:32 PM
Hi @Inderdeep, have you tried the FortiGate branch, especially branch 40F? Or what model have you tried from Fortinet products?
Jun 5 2021
8:38 AM
Hi, I'm looking for a non-Meraki peer recommendation which can connect fluently through IPsec site-to-site. Are there any recommendations? I've tried Cisco RV, Grandstream, Sophos, and Sangfor, but had problems with the connection. Most of them hung and had local connectivity problems. Thanks a lot.
May 13 2021
9:55 PM
Hi @RB___ , I use the private IP of the ONT modem from the ISP of the remote non-Meraki router. If your IP is behind NAT, you can use that private IP address as your remote ID. You should try it. Hope it works for you too.
May 9 2021
4:15 AM
1 Kudo
Hi Bruce, it works now by entering the private IP of the remote peers. Thanks for the help.
May 9 2021
3:30 AM
Hi Bruce, I've just noticed it. Thank you for the help. But what value do I need to fill in the remote ID field, because there is no local ID in the Grandstream device? I've tried entering the public IP and FQDN values, but it still won't work. Any idea?
May 9 2021
1:37 AM
In Cisco Meraki, I got the log attached below. For the Grandstream GWN7000, I got the log attached below. At the HQ side, it keeps deleting the SA key. At the branch side, it keeps reconnecting and won't authorize. I suspect that it has something to do with the Meraki settings. It works if I downgrade the Meraki firmware to 14.53. After I upgrade, it suddenly won't connect.
May 9 2021
1:09 AM
Hi Philip, here are the details.

Headquarters: Cisco Meraki MX67
IKEv version : IKEv1
IP Sec Policies : AWS
Phase 1 Encryption : AES 128
Phase 1 Authentication : SHA1
Phase 1 DF Group : 2
Phase 1 Lifetime : 28800
Phase 2 Encryption : AES 128
Phase 2 Authentication : SHA1
Phase 2 PFS Group : 2
Phase 2 Lifetime : 3600
Pre-shared key : used

Branch: Grandstream GWN7000
IKEv version : IKEv1
Phase 1 IKE Lifetime : 28800
Phase 1 Key Exchange mode : Main
Phase 1 Pre-Shared key : used
Phase 1 Encryption Algorithm : AES_CBC_128
Phase 1 Hash Algorithm : SHA1
Phase 1 DH Group : MODP1024
Phase 2 Encryption Algorithm : AES_CBC_128
Phase 2 Hash Algorithm : SHA1
Phase 2 PFS Group : MODP1024
May 7 2021
5:48 AM
Hi, I'm having an issue with the non-Meraki VPN peers connection after I upgraded to 15.42.1 from 14.53. I was insisted to roll back the firmware after the upgrade. I just want to confirm: is that really the problem? I'm using IKEv1, by the way. Or do I need to use IKEv2 in this new firmware? Please suggest. Thanks.
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| | 10492 | Jul 26 2021 11:36 PM |
| | 8131 | May 9 2021 4:15 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| | 4 | 10492 |
| | 2 | 10448 |
| | 1 | 10522 |
| | 1 | 8131 |