
VPN Status Page

VPN Status Overview

The VPN Status page provides detailed information about all VPN tunnels in your Meraki organization. This page provides real-time status updates between your Meraki Auto VPN peers and non-Meraki VPN peers. You can access the VPN Status page by navigating to the Organization > Monitor > VPN Status tab, or by navigating to the Security Appliance > Monitor > VPN Status tab.

 

The Organization > Monitor > VPN Status tab will show you the status of all MXs in your organization with site-to-site VPN enabled.

The Security Appliance > Monitor > VPN Status tab will show the VPN status of the current network in relation to all other MXs in your organization with site-to-site VPN enabled.

 

If site-to-site VPN is not enabled on the selected network, the VPN Status link will not be visible under the Security Appliance tab, but is still accessible through the Organization tab. 

From the Organization tab:

 


From the Security Appliance tab:



Time Period Selection

If you're viewing this page from the Organization > VPN Status tab, the graphs will display the aggregate data of all networks participating in the VPN for the selected time period. If you'd like to see details about a specific site, hover your mouse cursor over the peer in the Site Connectivity list and another graph will be overlaid on top. If you're viewing this page from the Security Appliance > Monitor > VPN Status tab, the page will display the data for that network only.

 

To change the selected time period, click on the dropdown next to the VPN Status at the top left of the page and select the desired time period.

Time period selection

Connectivity, Latency, and Usage Details

The Connectivity Bar shows connectivity history for the selected Meraki device over the currently selected time period.

 

The bar can display 3 colors to indicate the VPN status over the given time period. These colors also apply to the Ring View at the top right of the page and Connectivity column in the Site Connectivity list. 

Connectivity History bar

The following colors indicate the status:

  • Red - Peer is unreachable.

  • Yellow - Some peers are unreachable.

  • Green - All peers are reachable.

Usage Graph

The Usage graph shows the throughput of the VPN over a given time period. The graph will dynamically scale depending on the total amount of throughput within the time period. Use this graph to monitor the throughput of your site-to-site VPN connections.

Usage Graph

Latency Graph

The Latency graph shows latency in a 50th Percentile, 90th Percentile, or Histogram view. In the Histogram view, hovering over a box will give you details for that time period. The 50% option shows the median round-trip time for pings used to monitor the site-to-site VPN connection. The 90% option will show you the results of the top 10% of pings.

Typically, use the 50% option to view the average, the 90% option to view spikes in latency over the time period, and the histogram view to get detailed data for a specific time within the time period. When there are network problems (like poor voice quality) that can be related to latency, the 90% or histogram views will help troubleshoot whether those events correlate to VPN latency issues. 
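The difference between the 50% and 90% views, shown on constructed ping data as an added example (not Meraki code). The nearest-rank percentile method and the `spike_ratio` threshold are assumptions; this page does not document how the dashboard computes its values.

```python
# Added illustration: constructed RTT samples, not Meraki data or Meraki code.

def percentile(samples, pct):
    """Nearest-rank percentile (assumed method) using integer arithmetic."""
    if not samples:
        raise ValueError("no samples")
    ordered = sorted(samples)
    rank = max(1, (pct * len(ordered) + 99) // 100)  # ceil(pct * n / 100)
    return ordered[rank - 1]

def summarize(intervals, spike_ratio=3.0):
    """Return (label, p50, p90, spiky) for each interval.

    spike_ratio is a hypothetical threshold: an interval is flagged when
    its 90th percentile is at least spike_ratio times its median.
    """
    rows = []
    for label, rtts in intervals:
        p50 = percentile(rtts, 50)
        p90 = percentile(rtts, 90)
        rows.append((label, p50, p90, p90 >= spike_ratio * p50))
    return rows

# Constructed sample: round-trip times in ms, 10 pings per interval.
SAMPLE = [
    ("09:00", [21, 22, 20, 23, 21, 22, 24, 20, 21, 22]),
    ("09:05", [22, 21, 23, 22, 180, 21, 22, 210, 23, 22]),  # two slow pings
    ("09:10", [20, 21, 22, 21, 23, 22, 21, 20, 22, 21]),
]

if __name__ == "__main__":
    for label, p50, p90, spiky in summarize(SAMPLE):
        flag = "SPIKE" if spiky else ""
        print(f"{label}  p50={p50}ms  p90={p90}ms  {flag}")
```

The median barely moves in the 09:05 interval while the 90th percentile jumps, which is why the 90% and histogram views are the ones to check when correlating user-visible problems with VPN latency.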

Latency graph - viewing 90%

Latency graph - viewing Histogram

Latency graph - viewing Histogram Details

Ring View Graph

The ring view visually represents the total percentage of traffic distribution between Meraki Auto VPN peers. Each band or "slice" of color on the outer ring represents an MX Security Appliance or Z1 deployed at a given site. The band width is based on the amount of VPN traffic to or from that site. Wide segments indicate MX networks that send and receive larger amounts of VPN traffic than thinner segments.
 

In the example below, we can quickly see that the highlighted MX has a high amount of VPN peer density (it’s connected to multiple MXs at other sites), and is one of the major hubs for VPN traffic.


Ring View Graph - Viewing with London branch highlighted

Site Connectivity List

The site connectivity list provides detailed information for Meraki Auto VPN peers and non-Meraki VPN peers.

Site Connectivity list

 

Information columns can be added or removed using the icon on the top right of the Site Connectivity list. To view how a specific peer relates to the rest of the configured peers, hover the mouse cursor over the desired peer in the list. This will highlight the graphs at the top of the page.

 

  • Under the site-to-site peers tab, the following information is available:
    • Status - Details on the Meraki VPN status for the selected peer.

      • Red - Peer is unreachable.

      • Yellow - Some peers are unreachable.

      • Green - All peers are reachable.

    • Description - The description of the Meraki or non-Meraki VPN peer.

    • Usage - The amount of traffic to and from that Meraki VPN peer.

    • Latency - Round-trip time latency between the MX and the remote peers.

      • There are 3 column choices for this - Average, 50%, and 90%.

  • Under the exported subnets tab, the following information is available:
    • Name - Name of the subnets capable of being exported.

    • Yes/No - Indicator if the subnet is currently being exported into the VPN.

    • Subnet - CIDR notation of the subnet.

    • Router IP - This is either the IP address used by the MX's VLAN interface for that subnet, or the "next hop" IP address configured for a static route. Both of these options are configured on the Security Appliance > Configure > Addressing & VLANs page. More info on the Addressing & VLANs page can be found here.

  • On the non-Meraki peers tab, the following information is available:
    • Status - whether the peer is currently reachable or not

    • Name - Name of the non-Meraki peer configured on the Security Appliance > Configure > Site-to-Site VPN page

    • Public IP - Public IP configured for the non-Meraki VPN peer

    • Subnets - All subnets configured under the "Remote Subnets" field on the Security Appliance > Configure > Site-to-Site VPN page

VPN Registry Information

Additionally, Meraki AutoVPN Registry information can be viewed next to the Site Connectivity list. Clicking on a peer will refresh the page and set the focus to that peer. This tool allows you to easily troubleshoot any problems the Meraki device could be having communicating or establishing an AutoVPN connection to another Meraki peer. 

VPN Registry Information

 

The VPN Registry information will provide the following:

  • VPN Registry: This will indicate if the Meraki device can successfully communicate with the Meraki AutoVPN cloud registry. 
  • NAT Type: This will indicate if there are any problems traversing upstream NAT device(s).
  • Encrypted: This will indicate the VPN type and encryption.
  • Routing Errors: If there are any overlapping or conflicting subnets configured, another row will appear indicating the problem subnet(s). 
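A pre-change check for the overlapping-subnet condition that the Routing Errors row reports, as an added example (not Meraki code and not the dashboard's own logic). The site names other than London, the subnets, and the treatment of a non-Meraki peer's remote subnets like any other exported subnet are assumptions.

```python
# Added illustration: constructed site/subnet data, not Meraki output.
from ipaddress import ip_network
from itertools import combinations

def find_conflicts(exports):
    """Return (site_a, subnet_a, site_b, subnet_b) tuples for subnets
    advertised by different sites whose address ranges overlap.

    exports: iterable of (site, cidr, exported) rows, mirroring the
    Name / Subnet / Yes-No columns of the exported subnets tab.
    """
    nets = []
    for site, cidr, exported in exports:
        if exported:  # subnets not exported into the VPN cannot conflict
            # strict=False normalizes entries written with host bits set
            nets.append((site, ip_network(cidr, strict=False)))
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(nets, 2):
        if site_a != site_b and net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return conflicts

# Constructed sample rows (hypothetical sites and addressing).
SAMPLE_EXPORTS = [
    ("London", "10.0.10.0/24", True),
    ("London", "10.0.20.0/24", False),     # defined locally, not exported
    ("Paris", "10.0.20.0/24", True),
    ("Paris", "10.0.10.128/25", True),     # falls inside London's /24
    ("Partner-FW", "10.0.20.0/23", True),  # non-Meraki peer remote subnet
]

if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in find_conflicts(SAMPLE_EXPORTS):
        print(f"overlap: {site_a} {net_a} <-> {site_b} {net_b}")
```

Running this against a planned subnet list before enabling export shows which change would introduce a conflict; in the sample, turning on export for London's 10.0.20.0/24 would add two more overlaps.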

Troubleshooting Resources

  • If you are encountering problems with a Meraki MX or Z1 connecting to another Meraki Peer, or the Meraki AutoVPN registry, please refer to the troubleshooting article here.

  • If you are encountering Automatic NAT traversal problems, please refer to the troubleshooting article here.

  • If you are encountering non-Meraki VPN peer connectivity issues, please refer to the troubleshooting article here.

Last modified
08:22, 27 Jul 2017


Article ID

ID: 4958
