The default Meraki preset for an Azure site-to-site VPN does not match Azure's configuration. The Meraki logs show that phase 1 (ISAKMP) is established, but negotiation fails in phase 2:
Non-Meraki VPN negotiation: ISAKMP-SA established <Virtual network gateway IP address><Meraki IP address>
Non-Meraki VPN negotiation: long lifetime proposed: my:3600 peer:27000
Change the phase 2 lifetime to 27000 and the site-to-site VPN should come up.
There is no need to adjust routes in Azure the way you need to in AWS; Azure does this for you automatically. Ping a resource inside the VNet from the Meraki tools, and traffic will route successfully.
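A small log check for the symptom described above, as an added example that is not part of the original post: it scans Meraki event-log text for the two messages quoted above and reports the phase 2 lifetime the peer proposed. The function names and the plain-text log export are assumptions; setting the local lifetime to the peer's value follows the fix given in the post.

```python
import re

# Message fragments taken from the two log lines quoted in the post.
PHASE1_OK = re.compile(r"ISAKMP-SA established")
LIFETIME = re.compile(r"long lifetime proposed: my:(\d+) peer:(\d+)")

# Sample input: the post's two lines (placeholders kept as written),
# with the second line repeated to mimic retries (constructed).
SAMPLE_LOG = """\
Non-Meraki VPN negotiation: ISAKMP-SA established <Virtual network gateway IP address><Meraki IP address>
Non-Meraki VPN negotiation: long lifetime proposed: my:3600 peer:27000
Non-Meraki VPN negotiation: long lifetime proposed: my:3600 peer:27000
"""

def diagnose(log_text):
    """Return phase 1 state and the distinct (local, peer) lifetime mismatches."""
    phase1_up = False
    mismatches = set()
    for line in log_text.splitlines():
        if PHASE1_OK.search(line):
            phase1_up = True
        m = LIFETIME.search(line)
        if m:
            mine, peer = int(m.group(1)), int(m.group(2))
            if mine != peer:
                mismatches.add((mine, peer))  # retries collapse to one entry
    return {"phase1_up": phase1_up, "mismatches": sorted(mismatches)}

def advice(result):
    """Turn a diagnose() result into one line of guidance per finding."""
    if not result["phase1_up"]:
        return ["no 'ISAKMP-SA established' line found; this check does not apply"]
    if not result["mismatches"]:
        return ["phase 1 established; no lifetime mismatch logged"]
    return [
        f"phase 1 established; phase 2 lifetime local={mine} peer={peer}: "
        f"set the phase 2 lifetime to {peer}"
        for mine, peer in result["mismatches"]
    ]

if __name__ == "__main__":
    for line in advice(diagnose(SAMPLE_LOG)):
        print(line)
```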