Meraki

Community

Issue with Cisco meraki NSG

ImranKhan7
New here
‎May 2 2024 11:34 AM
‎May 2 2024 11:34 AM

Issue with Cisco meraki NSG

Hi All,

I deployed a Cisco Meraki VMX appliance on Azure, which created two resource groups.

The virtual machine has been created in a different group than the appliance. The issue is that the VM is unable to connect to the internet, and I am unable to assign a Network Security Group (NSG) to the VM as the appliance has a default deny rule in place.

Pls find the error 

  • Failed to update network interface
    Failed to update the network interface 'MerakiVPNNic'. Error: The client 'Email Id' with object id '02ebd171-28d0-41bc-abdf-1ad78f2aa335' has permission to perform action 'Microsoft.Network/networkInterfaces/write' on scope '/subscriptions/8614f0e9-4f5c-45e7-910d-c333db70e733/resourceGroups/mrg-cisco-meraki-vmx-20240408124729/providers/Microsoft.Network/networkInterfaces/MerakiVPNNic'; however, it does not have permission to perform action 'Microsoft.Network/networkSecurityGroups/join/action' on the '0' linked scope(s) '' or the linked scope(s) are invalid and is blocked by deny assignments on the '1' linked scope(s) '/subscriptions/8614f0e9-4f5c-45e7-910d-c333db70e733/resourceGroups/mrg-cisco-meraki-vmx-20240408124729/providers/Microsoft.Network/networkSecurityGroups/MerakiVPNNic-nsg'.
     
     
    a few seconds ago
     
  •  
    Failed to create a new network security group
    Failed to create a new network security group 'MerakiVPNNic-nsg'. Error: The client 'Email Id' with object id '02ebd171-28d0-41bc-abdf-1ad78f2aa335' has permission to perform action 'Microsoft.Network/networkSecurityGroups/write' on scope '/subscriptions/8614f0e9-4f5c-45e7-910d-c333db70e733/resourceGroups/mrg-cisco-meraki-vmx-20240408124729/providers/Microsoft.Network/networkSecurityGroups/MerakiVPNNic-nsg'; however, the access is denied because of the deny assignment with name 'System deny assignment created by managed application /subscriptions/8614f0e9-4f5c-45e7-910d-c333db70e733/resourceGroups/CiscoMeraki-VPN/providers/Microsoft.Solutions/applications/MerakiVPN' and Id '2f62fb3724914da0a6b16eb45c191815' at scope '/subscriptions/8614f0e9-4f5c-45e7-910d-c333db70e733/resourceGroups/mrg-cisco-meraki-vmx-20240408124729'.
     
    Pls note I am the owner of the both RG and the subscription 
0 Kudos
0 Replies 0
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.