We are wit's end on an Azure-Meraki site to site VPN issue that is causing us massive headaches. Here is the scenario we hope someone can help with:
We have a customer that has offloaded all their servers into Windows Azure. Everything is working great in terms of the virtual machine aspect of Azure, but we have one box that has to have
a site to site tunnel running in order to communicate with a client app that runs on some PCs at the office. Which was fine, we thought, as Azure supports site to site VPNs, so our journey began...
Our original router was a Cisco RV042G, but this was a no-go as Cisco limits pre shared keys on this device at 30 characters. Azure needs 32 characters no less. That was a dead end which we replaced with a Sonicwall TZ as a last minute purchase...
The Sonicwall was a nightmare. Their support team treated us like heretics because we did not purchase a support plan through them instead of through CDW. Even after purchasing a support plan a second time through them, they couldn't get a reliable tunnel working to Azure. Very poor support team, lest we say that we won't be buying any more Sonicwall devices after that experience...
So we finally replaced the Sonicwall with a Meraki MX60. Liking the Meraki gear as we are putting more of their devices into the field and liking what they offer. Problem is that we have gotten a proper tunnel setup to Azure from the Meraki box, and Meraki says all settings are 100%, but we are still experiencing drops either in a few hours or in a couple days.
Meraki says their logs show no issues with the box.... ISP says their connection is stable as ever... the only side we cannot get a definitive answer from is Azure. There seems to be no way to get a log of how the VPN looks on their service unless we open a support ticket, but don't get me started on that, as they refuse to provide MS partners with decent support without paying for an extra hefty fee. Crazy for as much business as we push their way for Azure.
Regardless, I was curious if anyone else here has experience with a site to site tunnel up to Azure, specifically on a Meraki box, dropping at random intervals and refusing to reconnect.
I have been doing some reading and some online claim that the MTU for Azure needs to be 1350 and changing their firewall to this MTU fixes it, and others say that Dynamic Routing VPN setup works better than Static Routing VPN due to a lack of dead peer detection on a Static Route VPN.... any actual evidence to either of these being the case?
We've been picking and poking around this tunnel for the last week or so, and need some solid third party insight on what may be going on. It's frustrating to have this tunnel dropping so often, and Microsoft claims Azure is enterprise ready.... I don't know who to believe during this troubling time.
Is there something that may be taking the tunnel down due to inactivity? And would it be Azure doing it or the Meraki?
Any insight is appreciated. We need to get this going for the client as Azure is working very well in all aspects other than this site to site tunnel.