The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About JasonCardinal
JasonCardinal

JasonCardinal

Comes here often

Member since Jan 11, 2022

‎01-18-2022

Community Record

3
Posts
0
Kudos
0
Solutions
Latest Contributions by JasonCardinal
  • Topics JasonCardinal has Participated In
  • Latest Contributions by JasonCardinal

Re: Upgrading MX100 14.53 to 15.44 breaks non-Meraki site-to-site VPN (AWS)

by JasonCardinal in Security / SD-WAN
‎01-12-2022 11:38 AM
‎01-12-2022 11:38 AM
Thanks for the comment.  I did not but seriously considering it.  My rationale is that I have a very successful site-to-site VPN between both MX100 (in hub mode) so I rejected having two VPNs, one for each MX100 site.   Let me know if you think this could be a problem.  Thanks again! ... View more

Re: Upgrading MX100 14.53 to 15.44 breaks non-Meraki site-to-site VPN (AWS)

by JasonCardinal in Security / SD-WAN
‎01-12-2022 11:34 AM
‎01-12-2022 11:34 AM
Thanks for the link.  I followed it to a t and it definitely looks like our problem.     The thing is, I can ping from the MX100 on 14.53 to AWS private subnet no problem (on IKEv1) but when I change to IKEv2 in Meraki site-to-site non-meraki VPN, it dies when pinging from MX100 on 15.44   Both IKEv1 and IKEv2 are checked in AWS VPN tunnel options and DES is disabled.  Can't get my head around this. ... View more

Upgrading MX100 14.53 to 15.44 breaks non-Meraki site-to-site VPN (AWS)

by JasonCardinal in Security / SD-WAN
‎01-11-2022 11:10 AM
‎01-11-2022 11:10 AM
We have two MX100 set up for site-to-site Hub VPN with each other and site-to-site non-Meraki VPN with AWS   MX100A (14.53) has no networking issues.  We setup MX100B (15.44) same as MX100A except for the WAN ip addresses and VLANs. Both can ping each other no problem MX100A (14.53) can ping AWS farm no problem and ping MX100B VLAN no problem MX100B (15.44) can ping MX100A no problem but cannot ping AWS farm (like MX100A)   We twice upgraded MX100 A to 15.44 but quickly had to rollback to 14.53 as we could no longer access our AWS farm (Non-Meraki Client VPN)   Could it be that MX100B’s firmware 15.44 is the issue?  How to troubleshoot on the Meraki side?  All security groups seem tight on the AWS side.     ... View more
Labels:
  • Labels:
  • Auto VPN
  • AWS
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki