Anybody else get a call overnight in the states to start your day bright and early?
Issues with Auto VPN
Identified - We have identified a proximate cause for the Meraki Auto VPN issues and are working on a remediation plan to restore normal service. A fix will be deployed to that effect shortly.
Sep 18, 2024 - 08:38 UTC
Investigating - We are aware that some customers are experiencing Meraki Auto VPN issues, and we are actively investigating. Rebooting MX/vMX devices operating in passthrough mode can be used as a workaround in the meantime.
Sep 18, 2024 - 06:25 UTC
Knocked out all of our remote locations. Fixed by failing over the hub MXs (HA pairs).
It’s times like this when Meraki is a PITA. Great if you need to stand up a site quickly and have nobody with any technical chops there. When it goes wrong though, there is not a lot exposed to help you tshoot and figure out what the hell is going on!
2/10 would not recommend. At least a reboot fixed it.
Lucky for me I had scheduled some MX upgrades, so I caught all our VPN tunnels going down. I got the status alert while I was troubleshooting with Meraki support. I couldn’t even fathom that it was something on the Meraki end.
Around 12PM-4PM (depending on time zone) in Australia when the issue started. Rebooted Hub MX and connectivity came back up. VPNs were showing up on Hub side but down on Spoke side.
And let’s not act like Cisco licensing for their other products isn’t a fucking shit show. Sure they won’t turn off if the licensing expires, but Meraki just fucking works. It’s nice to have them in place and not have to ever worry.
My issue with Meraki is that it completely devalues Cisco’s own certifications. When I was working for an ISP that I won’t bother to name, we were given a 2-day training course on configuring Meraki, which our employer was going to start using. You couldn’t do even the most basic show commands to do your own troubleshooting. Doesn’t matter if you’re a CCIE, you have to open a support ticket and let Meraki engineers remotely access your gear to troubleshoot it.
At that point, why should a company pay to have even a CCNA on staff? They shouldn’t. They should just have other non-networking staff as needed, and budget to contract Meraki for network support. The business model there is for Cisco to bring in people on H1B visas (or connect from overseas outside our normal business hours), pay them less, charge customers just a bit less than they’d pay a CCNA, and pocket the difference while hopefully keeping their customer dumb and happy.
That’s great for the C-suite and great for Cisco, but is horrible for anyone who’s taken the time and effort to build a career earning Cisco certs and working as a resident engineer anywhere else in the US (or any of the other economies with a higher cost of living).
What are you going to? We are just now implementing the MXs and love them for small sites. I have mine in active/active peered to an HA pair of Palo Alto Firewalls.
It did NOT help me having two VPN Concentrators though because both experienced the same issue.