Greetings,
I have my MX100 with another MX100 in Spare mode and I have proceeded to make the following configuration:
Wan 1: 172.20.2.0/24 ISP 100 MB
Wan 2: 192.168.0.0/16 ISP 300 MB
In these MX I have configured 2 lan:
- Id lan 1 External 192.168.51.0/24
- Id lan 20 Internal 192.168.52.0/24
I have configured the lan 20 output rules for Wan 1 and lan 1 for wan 2
Everything works perfectly: lan 20 communicates with the servers that are behind 172.20.2.0, and when I do a speed test it shows me the 2 speeds of the routers according to which lan is connected.
The problem comes when I want to configure Active directory with Meraki, I go to SD-WAN> Active Directory and configure everything leaving the configuration like this:
Short domain Ip server Admin.domain password state
Contoso 172.20.2.X XXX XXXX XXXX accept
I find the groups, but the problem is when I want to save the configuration, I get the following error:
There have been errors when saving this configuration:
The IP address 172.20.2.X is not on a configured local subnet, nor a remote subnet on the VPN.
Can someone help me?
Thanks so much!
Yeah, that's an annoying one. You have a firewall rule configured with a subnet, the one in the error, that doesn't exist in the Addressing & VLANs page. Go modify or delete that firewall rule and this error will go away.
Greetings,
First of all, thank you for answering.
I have gone to the firewall rules and no rule configured for this appears there. I am attaching a screenshot so that you can see the problem.
If anyone else can help me, I'd be very grateful.
Oh shoot, sorry @lmruiz, that error can pop up in a few different ways. I didn't notice that it was complaining about your AD server.
Is your AD server in a subnet attached to the MX? Or does the MX have a route to the destination if it's not attached?
The AD is at 172.20.2.20 (ip distributed by the AD) and users will connect to 192.168.52.0/24.
There are flow preference rules configured and I want users to log in by AD in Meraki.
Is 172.20.2.20 in a subnet directly connected to the MX? Do you have an entry for that subnet in the Addressing & VLANs page?
The 172.20.2.20 is a subnet that enters through WAN 1, and there is no rule defined for this in the section SD-WAN --> Vlan and address.
OK, this is the problem... Why is your AD server out an "Internet" port on the MX? It should be on the LAN side.
Should I change the IP of the AD and put one of the LANs on it?