cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Overview of setting up a work from home solution using Cisco Meraki

Meraki Employee
Meraki Employee

Overview of setting up a work from home solution using Cisco Meraki

Hi Community,

 

I hope that everyone is staying safe during these turbulent events happening. My name is Chase Nebeker. I'm a Senior Network Support Engineer here at Cisco Meraki. The goal of this post is to share some personal thoughts on how to set up a work from home solution using Cisco Meraki. There is already a lot of documentation out there for setting all of this up but I just wanted to consolidate all of the different pieces of information together into one document. 

 

Please let me know if you have any questions or feedback. Hopefully, we can help each other create a successful work from home so that we can all stay safe and socially distance appropriately. 

 

http://bit.ly/3di5u4a

I apologize for it just being a shared Google Doc. It was the best method I could come up with that would allow me to add more information. 

15 REPLIES 15
Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

Awesome thanks for sharing!

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Meraki Employee

Re: Overview of setting up a work from home solution using Cisco Meraki

Very informational document. I much appreciate your contribution to our community.
Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

"The MX sizing guide has some helpful guidelines on how many Client VPN connections that can be supported on each platform. The MX67/MX68 it’s recommended that only 50 Client VPN connections be active at a time. The MX450 is able to handle about 300 clients."

The sizing guide states 1500 for this, not 300. Not sure if that is a typo or not.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

Good point @NolanHerring .  I think its almost worth there being a banner on the Meraki.com page which lists VPN information in an easy to find place including sizing and setup guides / videos. 

 

Many customers are scrambling to get remote access working. 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Head in the Cloud

Re: Overview of setting up a work from home solution using Cisco Meraki

Sizing is definitely something that can have an impact with today‘s situation:

Something that has been tested for „usual“ road warriors sitting in airports, hotels etc. to read their emails or access internal systems are currently being replaced by dozens of people sitting in their (usually well equipped inet circuits running a lot of video conferencing and things like that).

 

So in a nutshell I feel like being really conservative with sizing details is a good idea nowadays.

Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

I figured it was supposed to say 3000, since its the MX450 which is like what...tens of thousands of dollars after discount? 50 clients on an MX67 which is like 800 bucks, vs 300 clients on an MX450. Math don't add up lol. Sizing guide actually says it can handle 5000 max, and they recommend around 1500. If they recommended 3000 that would make more sense since its just a little over half the max. That is conservative to me =P
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
Meraki Employee
Meraki Employee

Re: Overview of setting up a work from home solution using Cisco Meraki

With the MX450 I did lower it on purpose just with some real-world results that I've seen. For the MX67 I did not change from the sizing guide. I'll have to see if I can get some better numbers on these. 

Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

For those still going to work - TfL (London Transport) - is using leaky feeder technology to provide 4G coverage (all 4 major providers) on the underground. The pilot program is up and running on the Jubilee Line between Westminster and Canning Town, so usefully for commuters between Waterloo Railway Station and Canada Water.

 

How fast? 230 Mbps is a reality.

 

So I'm looking at wiring up some Lithium batteries, in series, and testing the Z3C whilst in the Underground tunnel. (aside how robust is the Z3C if the Amps are over spec?).

 

Lets hear it for leaky feeder tech!🤣

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

Good luck @Uberseehandel  I just hope the London Metro police don't think your carrying some type of remore explosive!

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki

@BlakeRichardson 

I'm taking a Z3C on the Jubilee line - not a BOOM Box!!!! 🤣 😇 🤡 💃 🕺 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Highlighted
Meraki Employee
Meraki Employee

Re: Overview of setting up a work from home solution using Cisco Meraki

I made some updates to the doc: Added section on “Manual NAT traversal”, moved and renamed “Disable auto-joining SSID on the client device”, moved and renamed “Meraki AutoVPN”, added sub-section “Client VPN connection”, and added section “Troubleshooting resources.”

Highlighted
Building a reputation

Re: Overview of setting up a work from home solution using Cisco Meraki

Good concise document with some good ideas. Worth mentioning integration with Umbrella to tighten security? Final question....when’s Anyconnect support coming for the MX’s?

Highlighted
Meraki Employee
Meraki Employee

Re: Overview of setting up a work from home solution using Cisco Meraki

A couple of days ago we made some tweaks to the layout of the Client VPN page. Most of these changes are straightforward, just helping provide guidance on the different options that are available. Also some FAQs of what might be going wrong. 

 

One thing that is really new is on the Network-wide > Clients page. I didn't realize it until someone pointed it out to me, so I thought I'd share. You can now filter for Client VPN connections. 

 

Screen Shot 2020-03-25 at 2.39.24 PM.png

Highlighted
Kind of a big deal

Re: Overview of setting up a work from home solution using Cisco Meraki


@CN wrote:

A couple of days ago we made some tweaks to the layout of the Client VPN page. Most of these changes are straightforward, just helping provide guidance on the different options that are available. Also some FAQs of what might be going wrong. 

 

One thing that is really new is on the Network-wide > Clients page. I didn't realize it until someone pointed it out to me, so I thought I'd share. You can now filter for Client VPN connections. 

 

Screen Shot 2020-03-25 at 2.39.24 PM.png


 

 

 

 

 

 

 

Thanks @CN  - there have been at least 3 or 4 posts in the last several days specifically asking for a better options on viewing Client VPN connections, due to the boom in people working from home etc.  Not sure if what you guys have updated helps yet but I think one of the issues was being able to easily 'see' failed client connections, where as now I think they have to dig through syslog.

Nolan Herring | nolanwifi.com
TwitterLinkedIn
Highlighted
A model citizen

Re: Overview of setting up a work from home solution using Cisco Meraki

Heh, I didn't realize the is:client-vpn option was new.

I recently got the question from a customer to checkout the load on the MX due to the amount of VPN's.
So I prepared the solution by trying it out myself.

So I started with selecting only MX clients ( so I saw all up and downstream traffic of the MX of the selected timeperiod 2hours)
Then I filtered using the new is:client-vpn and found that the usage had a "matches up and down Mbps" area so with the graphic I now had a view of the last 2 hours of the traffic used of all VPN users.  Cool..

I have been getting alot of questions about the split tunnel, so this morning I looked at the Microsoft documentation and found the easiest fix is actually adding the VPN connection in Powershell using the AddVpnConnection command with the -SplitTunnel option and then adding another command AddVpnConnectionRoute which adds a static route to the specific to reach subnet.  And voila problem solved.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.