Rolled out AnyConnect, users now seeing Meraki MX status page

Miyo360

Hi.

 

I posted this question on reddit.com/r/cisco, but didn't get a response, so hoping for some feedback here instead...

 

I recently rolled out AnyConnect, which is working great for its intended use - getting users connected when outside the office. However, one consequence is that when users are in the office, they are randomly seeing this message https://i.imgur.com/C3DNGWA.png. Closing the web window will cause it to reappear a few moments later.

 

Whilst in the office users don't need to use the VPN, so I ask them to quit the application from the tray icon and that resolves the issue. What is wrong with my config to cause this issue?

 

On the Meraki MX we don't use captive portals and in these cases their laptops are wired (via a dock) into our prod vlan.

RWelch

What do you see when you go to Network-wide > Configure > General settings for Device Configuration?  If it's set to enabled, you can select disabled.

Miyo360

It is enabled. If I disable this, how could I manage the MX? When clicking the 'what is this' link below, it says the MX will not be able to be managed locally and to configure remote management, then redirects to the firewall rules. Is remote management the only way?

 

After talking again with the user that reported this, it seems he was out of the office with the VPN established, then closed his laptop sending it to sleep, then woke it up when inside the office. Perhaps I need to tweak the AnyConnect settings using the Profile Editor? I believe there is a way for Secure Client to detect different 'known' networks and enforce, or not, certain settings?


Thanks.

RWelch

Network-wide > Configure > General settings for Device Configuration

With Device Configuration enabled, local users on your network will have the ability to see/access the local Meraki equipment and make login attempts.  If disabled, they will NOT be able to access it locally (it's a protection mechanism to BLOCK logins locally).  Typically after the device has connected to the dashboard this is DISABLED to prevent local access since it's managed normally via the dashboard.

You would therefore manage the Meraki equipment through the dashboard.  Just be sure to have more than 1 admin in case that lone admin loses access.  It's best practice to have multiple administrators in case one gets locked out.
