Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About feiyang
feiyang
Comes here often
Member since Jul 13, 2022
Dec 14 2022
Community Record
4
Posts
0
Kudos
0
Solutions
Jul 20 2022
10:49 AM
Updates: I upgraded the firewall firmware to 17.x and also switched over the ISP in this site. After that, VPN tunnel is up.. I suspect the previous primary ISP blocks IPSec or have a stricter network security (as I cannot ping my public IP either) and caused the issue.
... View more
Jul 13 2022
10:25 AM
I agree, I should at least be able to see some packets coming out of MX WAN interface. This is strange. I have not rebooted the MX yet. I am scheduling MX for it and probably will upgrade to 17.x (whichever the allowed newer code in Meraki dashboard). I will also switch to the secondary ISP as my primary ISP to try out the other ISP as exit. Thanks, Fei.
... View more
Jul 13 2022
10:17 AM
Yes, I have specified the correct site to have this VPN applied. Firmware is MX 16.16. Also, the non-Meraki peer is a SaaS VPN provider, and my Meraki firewall is in Mexico. I tried to peer with various VPN gateways from the SaaS provider, either in US or in Mexico, and Meraki firewall does not send out any packets. I have similar setup in US, that MX250 firewall in US can establish VPN to the same SaaS VPN provider, and I am able to capture packets from this US MX250 destined to the SaaS VPN provider's gateway, over the Internet interface.. I only have one site and one firewall in Mexico thus cannot narrow down if it is a Mexico/ISP related issue or the particular MX250 has issue..
... View more
Jul 13 2022
9:01 AM
Hello, I configured a site-to-site VPN peering to a non-Meraki firewall device, with below parameters: IKEv2 Phase 1 encryption: AES256 Phase 1 authentication: SHA256 Phase 1 Pseudo-random Function: SHA256 Diffie-Hellman group: 14 Lifetime (seconds): 28800 Phase 2 encryption: AES256 Phase 2 Authentication: SHA256 PFS group: 14 Lifetime (seconds): 28800 I also make sure the pre shared key is correctly entered at both ends. However, the tunnel does not form up. I did packet capturing on the MX250 WAN1 side, which is my primary WAN, and do not see a single packet goes out to the remote peer's IP. I tried to change the parameters, re-configure everything, to trigger the VPN negotiation packets, but do not get a single packet out to the remote peer. I do have another non-Meraki VPN peer configured on the same MX250 to compare, and I can capture packets destined to that peer.. So my question is why MX250 does not send any packets to the first non-Meraki peer at all? Any thoughts? Thanks, Fei.
... View more
Labels:
- Labels:
-
3rd Party VPN
© 2024 Cisco Systems, Inc.
