Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About Luca1

Re: Enabling more than 2 subnet in vpn s2s not meraki.

by in Security & SD-WAN
‎Nov 22 2022 12:50 PM
‎Nov 22 2022 12:50 PM
Yep i have made a tiket with support but i'm entered in a sort of loop like the Miller planet in Interstellar , 1 minute 7 years.......😄   This morning same appears all working fine and this afternoon bye bye vlan 192.168.45.0/24 from HQ.... Very strange for a company Cisco like. ... View more

Re: Enabling more than 2 subnet in vpn s2s not meraki.

by in Security & SD-WAN
‎Nov 22 2022 1:19 AM
‎Nov 22 2022 1:19 AM
Hi alembrahao thanks for advice. yes i have read this with IKEv2 and we use IKEv1. I will try to enable ALL subnet and come back with a feedback positive or not.  ... View more

Enabling more than 2 subnet in vpn s2s not meraki.

by in Security & SD-WAN
‎Nov 21 2022 4:23 PM
‎Nov 21 2022 4:23 PM
Hello community, We have a couple of MX105 version 17.10.2, we have made a s2s ikev1 to HQ with a couple of 2120 firepower managed via fmc. We using 17.10.2 because i have made a ticket but support they do collect data and tell me to try different firmware.  In meraki site i'm using a 192.168.40.0/21 subnetted into 8 /24 subnet nothing strange. From the other site of tunnel i'm advertising one private 172.16.0.0/13. At the moment i have enabled only 3 of the MX subnet into the tunnel. Tunnel is up and i see all the child sa coming up to the firepower wen interesting traffic coming up. Advertised subnet in MX is 192.168.40.0/24, 192.168.41.0/24 and 192.168.45.0/24 And now coming the problem. From HQ i'm able to talk only with 192.168.40.0/24,192.168.41.0/24 and nothing to 192.168.45.0/24 Already from MX im able to talk from 192.168.40.0/24,192.168.41.0/24 to ip address behind subnet 172.16.0.0/13 My question is , is a limitation about number of subnet advertised from MX?   The only issue i see in the child sa when try to send icmp packet from mx vlan 192.168.45.0/24 access-list CSM_IPSEC_ACL_2 extended permit ip 172.16.0.0 255.248.0.0 192.168.40.0 255.255.248.0 Protected vrf (ivrf): local ident (addr/mask/prot/port): (172.16.0.0/255.248.0.0/0/0) remote ident (addr/mask/prot/port): (192.168.45.0/255.255.255.0/0/0) current_peer: 195.230.205.210 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 29, #pkts decrypt: 29, #pkts verify: 29 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #send errors: 0, #recv errors: 0   I have try already using Ikev2 without success it seams not build correctly the crypto map policy.   Nobody have made a sort of similar s2s with firepower or other appliance with success with more then two subnet advertised?   At this point any advice is welcome. Thanks  ... View more
© 2024 Cisco Systems, Inc.