The Meraki Community
ksridhar

Here to help

Member since Mar 14, 2022

‎04-28-2022
Kudos from
User       Count
RodHoward  1

Kudos given to
User        Count
ww          1
CptnCrnch   1
Inderdeep   1
PhilipDAth  1

Community Record

Posts: 18
Kudos: 1
Solutions: 0

Badges: First 5 Posts, Lift-Off
Latest Contributions by ksridhar

Re: Routing internet bound traffic over a Non-Meraki VPN tunnel

by ksridhar in Security / SD-WAN
04-20-2022 09:19 AM
Hi,
I was able to ping a public IP like 8.8.8.8 and now I see that the route table shows all links as good including the IPSec peer. But what I'm unable to understand is how the appliance knows which link to pick to route the ICMP traffic designated to 8.8.8.8 - would that be the WAN uplink or the VPN link? Both those links have a default subnet 0.0.0.0/0 configured and both have the link status to be good.
Any help here is very much appreciated!
Thanks.

Re: Routing internet bound traffic over a Non-Meraki VPN tunnel

by ksridhar in Security / SD-WAN
04-20-2022 08:08 AM
Yes it does. I will double check this.
What I wanted to know is if the route table entries are correct where both the underlay (WAN) and the VPN peer have a default route set. I was wondering which path is taken in that case.

Re: Routing internet bound traffic over a Non-Meraki VPN tunnel

by ksridhar in Security / SD-WAN
04-20-2022 05:43 AM
Hi,
Thanks for the update. I was trying to set up a Non-Meraki VPN peer using a default route but I'm unable to ping any internet address using the Live tool. I have a default firewall rule -

#   Policy  Protocol  Source  Src port  Destination  Dst port  Comment       Logging  Actions
    Allow   Any       Any     Any       Any          Any       Default rule

Is there anything else I'm missing from the configuration?
This is the route table info -

Subnet/Prefix     Name                 Version  Type               Next hop
192.168.128.0/24  single lan settings  4        Local LAN          -
0.0.0.0/0         Peer1                4        IPSec Peer         <Public IP of Peer>
0.0.0.0/0         Default              4        Default WAN Route  WAN Uplink

When an IPSec peer is created with default route, it seems that the route table is updated as shown above. VPN is enabled for the main subnet and the MX appliance is configured in routed mode. Is there something I'm missing with the configuration?
Thanks!

Routing internet bound traffic over a Non-Meraki VPN tunnel

by ksridhar in Security / SD-WAN
04-18-2022 09:20 AM
Hi,
When configuring Non-Meraki VPN peers it is mandated to provide the private subnets which are essentially the subnets behind the third party VPN device. There is this option to provide a default route too using 0.0.0.0/0. However when this is configured, I see this message -
"The local subnet x.x.x.x/x overlaps with a remote VPN subnet on the non-Meraki peer <peer name> (0.0.0.0/0). IP traffic will be routed to the smallest subnet that contains the IP address."
As I understand this, the smallest prefix will always be used over the default route when traffic is designated to an IP address in the "local subnet". All other traffic will still be routed via this VPN tunnel including any internet bound traffic. Is my understanding correct?
Also, if the tunnel goes down, does it mean that all other MX devices other than the Z series devices will automatically fail over to the underlay connection or the direct WAN connectivity?
Thanks, Krishna

Re: Listing the available subnets which have VPN enabled

by ksridhar in Developers & APIs
04-18-2022 09:09 AM
Thanks! Coincidentally I happened to find this too soon after I posted this query 🙂

Listing the available subnets which have VPN enabled

by ksridhar in Developers & APIs
04-18-2022 03:56 AM
Hi,
Can anyone help me find the API that I could use to list the available subnets in a given network that have the VPN mode enabled?
Thanks!

Default behaviour when Local ID is not specified in a Non Meraki VPN config...

by ksridhar in Security / SD-WAN
04-17-2022 10:31 PM
Hi,
Can someone help me understand what the default/implicit behaviour would be when Local ID is not specified when configuring a Non Meraki VPN peer? As I understand, when using the V1 APIs there is currently no support to provide the Local ID configuration. So in this case how is the identification of individual VPN links done? I did read in some online resources that other Cisco appliances were capable of using local IPv4 addresses of the interface if Local IDs are not specified. Is this true with the Meraki SD-WAN appliance too? If so, is the IP address used the public IP or the private IP address of the WAN port?
Thanks!

Re: Verifying Non-Meraki VPNs

by ksridhar in Security / SD-WAN
04-11-2022 09:36 PM
Thanks for that! Will check it.

Creating/Updating/Deleting Non-Meraki VPN configurations

by ksridhar in Security / SD-WAN
04-08-2022 10:08 PM
Hi,
It seems that the only way to run any CRUD operations via APIs on Non-Meraki VPN peer resources is to first retrieve the existing list of peers and then update the list with the needed updates and push the entire list back. I was wanting to know if such operations would cause existing VPN connections to be torn down and brought up once again even if those specific configurations were not changed in any way.
Thanks!

Verifying Non-Meraki VPNs

by ksridhar in Security / SD-WAN
04-08-2022 10:04 PM
Hi,
After some reading and testing of Non-Meraki VPNs, it seems that the connection is established only when there is traffic. The question is, do we have any way to verify a given VPN configuration via APIs without generating any traffic or is there any way we can generate test traffic via APIs?
Thanks!

Re: Update Organization Appliance Vpn Third Party VPN Peers Limitations

by ksridhar in Developers & APIs
03-23-2022 09:29 PM
Thanks for pointing that out and apologies for duplicating the discussion here too. What I'm unable to figure yet is what exactly would the local ID parameter have if it is not mentioned at all. Have you tried bringing up the VPN connection without the local ID? I'm still working on my setup and once I have it I shall give this a shot at my end too.

Re: Local ID configurations for Non Meraki VPN peers

by ksridhar in Developers & APIs
03-23-2022 09:26 PM
The documentation does not mention anything about the local ID and how that is handled if it is not provided in the configuration. Hence wanted to know what the behaviour would be or specifically if there is any implicit use of IPv4 address by MX devices when establishing VPN connectivity to third party peers.

Local ID configurations for Non Meraki VPN peers

by ksridhar in Developers & APIs
03-22-2022 11:44 PM
Hi,
As also mentioned in another discussion thread, V1 Dashboard API does not support a payload that provides local id information (which is ignored). So when configuring a VPN peer with IKEv2, will the MX device use the IPv4 address associated with the local end point in establishing the connection?
Thanks, Krishna

Re: Update Organization Appliance Vpn Third Party VPN Peers Limitations

by ksridhar in Developers & APIs
03-22-2022 11:20 PM
1 Kudo
Hi,
I seem to have hit the same problem. Is there any way we can update the local ID and retrieve that information when configuring Non Meraki VPN peers?
Any help in this regard is very much appreciated.
Thanks!

Re: MX connectivity to third party or cloud hosted firewall services

by ksridhar in Security / SD-WAN
03-15-2022 10:35 PM
Hi,
As I understand from the documentation, the availability tags are associated to a given network comprising many appliances. If we were to configure Non Meraki VPN to a third party firewall service such as Zscaler, is there a way we can associate the VPN configuration with just one of the appliances in the network associated with a specified tag?

Re: MX connectivity to third party or cloud hosted firewall services

by ksridhar in Security / SD-WAN
03-14-2022 10:44 PM
Aah! Missed the Availability tags aspect. Will check that out and get back if I have any specific queries!
Thanks once again.

Re: MX connectivity to third party or cloud hosted firewall services

by ksridhar in Security / SD-WAN
03-14-2022 10:31 PM
Thanks very much for pointing that out. I also understand that when we establish a "Non-Meraki VPN Peer" all MX sites will have this configuration as this is considered organization-wide. Is there any way to isolate it to just one site/branch?

MX connectivity to third party or cloud hosted firewall services

by ksridhar in Security / SD-WAN
03-14-2022 03:18 AM
Hi,
I would like to know if the Meraki SD-WAN solution provided with MX appliances supports integration with 3rd party firewall services hosted in cloud environments.
Thanks, Krishna
Labels: 3rd Party VPN
My Top Kudoed Posts
Subject: Re: Update Organization Appliance Vpn Third Party VPN Peers Limitations (Developers & APIs)
Kudos: 1
Views: 511