Hi, I have a client that has configured a site to site VPN between a MX 95 and some 3rd party firewall. Everything is working from site to site EXCEPT the sync between a pair of Microsoft AD servers, one at each site.
Nothing apart from the VPN authentication settings has changed on the remote site. On the Meraki side the MX device "seems" to, by default, have everything open, and you add rules to close stuff out. Any idea as to why, then, the ports for AD are not getting across?
You are right that by default all inbound traffic is allowed (which is the largest drawback of Meraki in my mind. If you want to make sure that your business-partners can't access just everything, you need a different device which is typically an additional ASA in my case).
You don't say anything about your setup so this is only a wild guess, but it is very often overlooked:
You are using IKEv2 and you have multiple subnets configured. The first established subnets work, but your AD controller is on the additional subnet, which is not working. This would be an additional drawback of the Meraki MX, as this is quite often incompatible with other vendors:
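As an added check to separate the two explanations above (this is example code, not something posted in the thread or shipped by Meraki), the script below probes the standard AD TCP ports on the remote domain controller from a host in each local subnet and classifies the result: a subnet that reaches nothing points at the tunnel's traffic selectors, while a subnet that reaches most ports but misses a few points at a firewall rule. The DC address is a placeholder and must be replaced.

```python
import socket

# TCP ports a domain controller must reach on its replication partner
# (RPC replication also uses dynamic ports 49152-65535, not probed here).
AD_TCP_PORTS = {
    88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP", 445: "SMB",
    464: "Kerberos password change", 636: "LDAPS",
    3268: "Global Catalog", 3269: "Global Catalog over TLS",
}

def tcp_reachable(host, port, timeout=2.0):
    """Plain TCP connect test; True if the port answers through the tunnel."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_dc(host, ports=AD_TCP_PORTS, prober=tcp_reachable):
    """Probe every AD port on one host; 'prober' is injectable for testing."""
    return {port: prober(host, port) for port in ports}

def diagnose(results_by_subnet):
    """Classify per-subnet probe results.

    results_by_subnet: {"10.1.0.0/24": {88: True, 389: True, ...}, ...}
    Returns (verdict, detail) where verdict is one of:
      "ok"            every probed port reachable from every subnet
      "subnet_down"   some subnets reach nothing at all -> suspect the VPN
                      traffic selector / phase 2 entry for those subnets
      "port_filtered" subnets are up but some ports are missing -> suspect
                      a firewall rule rather than the tunnel itself
    """
    dead = sorted(s for s, r in results_by_subnet.items() if not any(r.values()))
    if dead:
        return "subnet_down", dead
    missing = sorted({p for r in results_by_subnet.values()
                      for p, ok in r.items() if not ok})
    if missing:
        return "port_filtered", missing
    return "ok", []

if __name__ == "__main__":
    # Constructed example: replace with the real remote DC address and run
    # once from a host in each local subnet that should carry AD traffic.
    remote_dc = "192.0.2.10"  # placeholder address (TEST-NET-1)
    print(diagnose({"local-subnet": probe_dc(remote_dc)}))
```

Run it from a host in each local subnet and feed the per-subnet dictionaries into `diagnose` together; the verdict tells you whether to look at the tunnel's subnet list or at the firewall rules.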