Edge Router X - IPsec Site to Site VPN to Meraki MX

Hi All,

Hope it's ok to post in here. Having terrible issues trying to get an Edge Router X to connect to a Meraki MX.

The Edge IP interfaces have been set up as ETH0 (Internet) as 192.168.3.100/24 and Switch0 as 192.168.2.1/24.


The Edge sits behind a NAT with all ports forwarded: 4500, 1701 and 500. I have also forwarded 443 to access the web interface remotely, which works fine, so I don't believe there is any issue here.

Here below are the IPsec settings on the edge router:


Here are the Meraki IPsec settings:


As well as the IPsec policies:


I am running the capture sudo tcpdump -i eth0 -n udp dst port 500 or port 4500 or port 1501 to see if I can see Meraki hitting the edge router, although I can't really see anything. Meraki has said it is showing as Phase 1 failure: NO-PROPOSAL-CHOSEN on their end. In the Meraki event log it shows msg: FIPS mode disabled.

I have even added these firewall rules in manually. Still no luck:


Any help would be greatly appreciated!

Cheers.

Don’t use IKEv1 and SHA1. They’re not secure anymore.

"NO-PROPOSAL-CHOSEN" means there is a mismatch for P1 or P2.

I'm not seeing the P1 settings on the EdgeRouter, I believe. Can you share them?
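As an added illustration of the advice in this reply (not configuration posted by anyone in the thread), here is an EdgeOS site-to-site configuration using IKEv2 with AES-256, SHA-256 and DH group 14 instead of IKEv1/SHA1, built around the addresses the original post gives (ETH0 192.168.3.100 behind NAT, LAN 192.168.2.0/24). The peer address, PSK, Edge public IP and Meraki LAN prefix are placeholders, lines starting with # are annotations rather than CLI input, and the Meraki non-Meraki peer must be set to exactly the same Phase 1 and Phase 2 proposals, otherwise NO-PROPOSAL-CHOSEN persists.

```text
configure

# Global IPsec settings: NAT-T is required because the Edge sits behind a NAT,
# and auto-firewall-nat-exclude stops the LAN traffic being masqueraded before
# it reaches the tunnel.
set vpn ipsec nat-traversal enable
set vpn ipsec auto-firewall-nat-exclude enable

# Phase 1 (IKE) group: IKEv2, AES-256, SHA-256, DH group 14.
# Every value here must match the Phase 1 side of the Meraki peer settings.
set vpn ipsec ike-group MERAKI key-exchange ikev2
set vpn ipsec ike-group MERAKI lifetime 28800
set vpn ipsec ike-group MERAKI proposal 1 encryption aes256
set vpn ipsec ike-group MERAKI proposal 1 hash sha256
set vpn ipsec ike-group MERAKI proposal 1 dh-group 14

# Phase 2 (ESP) group: note the PFS group is written dh-group14 here,
# unlike the ike-group syntax above. Must match the Meraki Phase 2 settings.
set vpn ipsec esp-group MERAKI lifetime 3600
set vpn ipsec esp-group MERAKI pfs dh-group14
set vpn ipsec esp-group MERAKI proposal 1 encryption aes256
set vpn ipsec esp-group MERAKI proposal 1 hash sha256

# Peer definition. local-address is the private ETH0 address; because the
# Edge is NATed, the IKE identity is set explicitly to the public IP
# (assumption: the Meraki side is configured with that public IP as the peer).
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> authentication mode pre-shared-secret
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> authentication pre-shared-secret <PSK>
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> authentication id <EDGE-PUBLIC-IP>
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> connection-type initiate
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> ike-group MERAKI
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> local-address 192.168.3.100
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> tunnel 1 esp-group MERAKI
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> tunnel 1 local prefix 192.168.2.0/24
set vpn ipsec site-to-site peer <MERAKI-PUBLIC-IP> tunnel 1 remote prefix <MERAKI-LAN-PREFIX>

commit
save
exit

# Check from operational mode: the IKE SA should show up before the IPsec SA does.
show vpn ike sa
show vpn ipsec sa
```

If show vpn ike sa stays empty while the Meraki log still reports NO-PROPOSAL-CHOSEN, compare the Phase 1 proposal values above with the Meraki Phase 1 fields first, since the IKE SA is negotiated before any Phase 2 values are compared.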

Thanks for your response! I have updated the encryption as you mentioned. After I updated the firmware on the edge router, I think it was sort of bricked. I updated the boot loader and it all worked fine.

This post pointed me in the right direction: https://www.reddit.com/r/Ubiquiti/comments/ctyljz/anyone_having_issues_with_getting_2_edgerouter_x/

On the Meraki side I don’t see the VPN peer public IP? Or is this greyed out by you?

This was greyed out :slight_smile: