Leadtheway
asked on
ASA and Meraki MX site to site
Having an issue with a meraki and an ASA site to site. When i first built tunnel it showed up, both green on meraki and showing MM_active in the crypto sa on the ASA. But Still can't talk to devices behind the asa. And periodically when I check asa vpn status it shows red, but when i try to ping something behind the asa i get 100% loss but the tunnel will then show green. Not sure if its an issue with meraki and using summarized subnets or something else. Anyone have experience with this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do the ASA tunnel stats show any transmitted/received packets? - and does ASA's packet tracer show that your test traffic would be sent over the tunnel?
Is there any device between the ASA and meraki that could be blocking IPSEC tunnels ( only allowing the UDP negotiation )
Is there any device between the ASA and meraki that could be blocking IPSEC tunnels ( only allowing the UDP negotiation )
ASKER
I figured it out, the SA lifetime was mismatched
ASKER