Great answer. 🙂 That gave me some hope. Thank you again. ... View more

can you please confirm, I am bit confuse about peer ID and peer endpoint at non meraki side. here is the script i have used, The tunnel is up but it doesn't pass any traffic, after your reply i have added port forwarding rule at MG side, still not tested due to downtime not approved yet.   over here do i need to give 172.31.128.4?   crypto map CMAP1 40 ipsec-isakmp set peer (public-IP of celleuar gateway) set security-association lifetime seconds 28800 set transform-set VPN set pfs group14 set isakmp-profile 4G-link-backup match address Interesting_Traffic reverse-route static   crypto isakmp profile 4G-link-backup keyring tunnel-keyring-4G match identity address (public-IP of celleuar gateway) 255.255.255.255 local-address 10.243.0.4   mode tunnel crypto ipsec transform-set VPN esp-aes 256 esp-sha256-hmac   crypto keyring tunnel-keyring-4G pre-shared-key address (public-IP of celleuar gateway) key xyz......   MG side: Is this ok?   ... View more

Hi! We have Windows Server 2016 and MS Network Policy Server installed. All ports are for now opened, in and out.   The Network contains of one Hub and multiple Spoke. This MX is a spoke.   All MX have a VPN connection to our servercloud where the Network Policy Server is. It's an VMWare Edge, so Non-Meraki Site to Site VPN.   There are no event logs with those eventIDs on the Policy Server.   The MX can ping the Policy Server both on LAN and on Internet. ... View more