Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Luca1
Luca1
Comes here often
Member since Nov 21, 2022
Dec 14 2022
Community Record
3
Posts
0
Kudos
0
Solutions
Nov 22 2022
12:50 PM
Yep i have made a tiket with support but i'm entered in a sort of loop like the Miller planet in Interstellar , 1 minute 7 years.......😄 This morning same appears all working fine and this afternoon bye bye vlan 192.168.45.0/24 from HQ.... Very strange for a company Cisco like.
... View more
Nov 22 2022
1:19 AM
Hi alembrahao thanks for advice. yes i have read this with IKEv2 and we use IKEv1. I will try to enable ALL subnet and come back with a feedback positive or not.
... View more
Nov 21 2022
4:23 PM
Hello community, We have a couple of MX105 version 17.10.2, we have made a s2s ikev1 to HQ with a couple of 2120 firepower managed via fmc. We using 17.10.2 because i have made a ticket but support they do collect data and tell me to try different firmware. In meraki site i'm using a 192.168.40.0/21 subnetted into 8 /24 subnet nothing strange. From the other site of tunnel i'm advertising one private 172.16.0.0/13. At the moment i have enabled only 3 of the MX subnet into the tunnel. Tunnel is up and i see all the child sa coming up to the firepower wen interesting traffic coming up. Advertised subnet in MX is 192.168.40.0/24, 192.168.41.0/24 and 192.168.45.0/24 And now coming the problem. From HQ i'm able to talk only with 192.168.40.0/24,192.168.41.0/24 and nothing to 192.168.45.0/24 Already from MX im able to talk from 192.168.40.0/24,192.168.41.0/24 to ip address behind subnet 172.16.0.0/13 My question is , is a limitation about number of subnet advertised from MX? The only issue i see in the child sa when try to send icmp packet from mx vlan 192.168.45.0/24 access-list CSM_IPSEC_ACL_2 extended permit ip 172.16.0.0 255.248.0.0 192.168.40.0 255.255.248.0 Protected vrf (ivrf): local ident (addr/mask/prot/port): (172.16.0.0/255.248.0.0/0/0) remote ident (addr/mask/prot/port): (192.168.45.0/255.255.255.0/0/0) current_peer: 195.230.205.210 #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0 #pkts decaps: 29, #pkts decrypt: 29, #pkts verify: 29 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0 #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0 #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0 #TFC rcvd: 0, #TFC sent: 0 #Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0 #send errors: 0, #recv errors: 0 I have try already using Ikev2 without success it seams not build correctly the crypto map policy. Nobody have made a sort of similar s2s with firepower or other appliance with success with more then two subnet advertised? At this point any advice is welcome. Thanks
... View more
© 2025 Cisco Systems, Inc.
