Site-To-Site VPN between Meraki MX and FTD Managed by FMC

Cole Riese
Level 1

Hi there, has anyone had any success setting up a site-to-site VPN between a Cisco FTD being managed by FMC and a Meraki MX device? For the life of me, I can't figure out how to get it to work. The configuration on both seems to match, but I'm unable to ping across or access anything on either end.

2 Replies

@Cole Riese is the tunnel actually up? From the FTD you can run "show crypto ipsec sa" to confirm you have IPSec SAs between the 2 peers and that the encap|decap counters are increasing. If you have no IPSec SAs then enable ike debug and provide the output for review.

On the FTD side have you configured a NAT exemption rule to ensure traffic between the 2 networks is not unintentionally translated? Have you created an Access Control rule to permit traffic between the local and remote networks?

To troubleshoot from the FTD CLI you can run packet-tracer to simulate the traffic flow, run this twice and provide the output for review.
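The counter check described in the reply above (run "show crypto ipsec sa" twice and confirm the encap/decap counters move), as an added example that is not part of the thread: a small Python script that parses two captures and reports, per SA, whether traffic is flowing both ways, one way, or not at all. The sample captures, addresses and the verdict-to-next-step mapping are constructed assumptions; the field names are the ones the FTD prints.

```python
import re

# Constructed samples of two "show crypto ipsec sa" captures taken a few
# seconds apart (not the thread's real output; documentation address ranges).
# Only the lines the check needs are included.
SA_BEFORE = """\
      local ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.2.0.0/255.255.0.0/0/0)
      current_peer: 198.51.100.20
      #pkts encaps: 120, #pkts encrypt: 120, #pkts digest: 120
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""
SA_AFTER = SA_BEFORE.replace("#pkts encaps: 120", "#pkts encaps: 180")

IDENT_RE = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([^)]+)\)")
ENCAPS_RE = re.compile(r"#pkts encaps: (\d+)")
DECAPS_RE = re.compile(r"#pkts decaps: (\d+)")

# Assumed troubleshooting reading of each counter pattern.
NEXT_STEP = {
    "passing": "traffic flows both ways; look beyond the tunnel (routing, host firewalls)",
    "encap-only": "FTD encrypts toward the peer but nothing returns; check the MX side",
    "decap-only": "traffic arrives but no reply is encrypted; check NAT exemption, ACL, routing on FTD",
    "idle": "counters unchanged; nothing matches the crypto ACL, confirm with packet-tracer",
}

def parse_ipsec_sa(text):
    """Map (local ident, remote ident) -> (encaps, decaps) for every SA in a capture."""
    sas = {}
    for chunk in re.split(r"(?=local ident )", text):  # one chunk per SA
        idents = dict(IDENT_RE.findall(chunk))
        enc, dec = ENCAPS_RE.search(chunk), DECAPS_RE.search(chunk)
        if "local" in idents and "remote" in idents and enc and dec:
            sas[(idents["local"], idents["remote"])] = (int(enc.group(1)), int(dec.group(1)))
    return sas

def diff_sa_counters(before_text, after_text):
    """Return {(local, remote): (d_encaps, d_decaps, verdict)}; empty means no IPsec SA
    exists in the second capture, i.e. the tunnel never negotiated (enable IKE debug)."""
    before, after = parse_ipsec_sa(before_text), parse_ipsec_sa(after_text)
    results = {}
    for key, (enc2, dec2) in after.items():
        enc1, dec1 = before.get(key, (0, 0))
        d_enc, d_dec = enc2 - enc1, dec2 - dec1
        verdict = ("passing" if d_enc > 0 and d_dec > 0 else "encap-only" if d_enc > 0
                   else "decap-only" if d_dec > 0 else "idle")
        results[key] = (d_enc, d_dec, verdict)
    return results

if __name__ == "__main__":
    for (loc, rem), (d_enc, d_dec, verdict) in diff_sa_counters(SA_BEFORE, SA_AFTER).items():
        print(f"{loc} <-> {rem}: +{d_enc} encaps, +{d_dec} decaps: {NEXT_STEP[verdict]}")
```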

Cole Riese
Level 1

@Rob Ingram The tunnel shows online in the FMC and on the Meraki "VPN Status" page. Here is the Tunnel Status from the FMC:

[image attachment: Tunnel Status screenshot from the FMC]

I have configured a NAT exemption rule and made sure to add ACL rules to allow traffic both ways.

I tried running the packet-tracer command on the FTD CLI, but I'm not sure what to set for the parameters.