Legacy products notice
Supported products notice
Bug fixes - VPN
Bug fixes - other
Known issues - all
Known issues – MX84,MX100
Known issues – MX67,MX68,Z3
Resolved an issue where traffic could be incorrectly dropped under the following conditions 1) the MX appliance was configured to operate in passthrough / VPN concentrator mode, 2) the MX was configured to track clients by IP address, and 3) traffic was sourced from IP addresses 10.128.128.126, 10.128.128.127, 10.128.128.128, 10.128.128.129, 10.128.128.130, or 10.128.128.131.
Some times, I'd really wish for the opportunity to get more details on bugs and their fixes....
Just as much as the long standing;
Client traffic will be dropped by MX65(W), MX67(C,W), and MX68(W,CW) appliances if 1) The client is connected to a LAN port with 802.1X authentication enabled and 2) The VLAN ID of the port is configured to 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, or 240.
Well I just i found out they will not be fixing the LLDP/CDP Issue on the MX250 and MX450. Looks like the developers dont find it a real world impact. Guess I will be pulling the plug on Meraki. This is complete garbage. Never will i recommend another meraki product to any of our customers, if thats how they treat their flagship models. HALF BAKED!
I upgraded from 16.4 to 16.9 and now I'm getting an "Untrusted Server Blocked" error message when I try to connect with AnyConnect. The dynamic DNS name appears to be the same so I'm not sure what would cause that. Maybe something went sideways with the certificate during the upgrade. I'll probably open a support ticket.
Yep, I upgraded two sites last night and now I'm getting this as well. @Bsalami may be able to get this resolved quickly I'm hoping.
My sites were running 16.6 and 16.7 respectively.
It appears it shifted from an an external CA-issued cert to a self-signed one.
This is what we get now:
This is from a unit running 16.7:
Just note that rolling back to 16.7 on one of the devices didn't fix the issue, it has a self-signed cert again.
You get out of this situation by changing the dynamic hostname to something else, wait some time, and then back to your original name.
Have you tried this with 16.9? I ask because, as per the separate thread I made on this, I can't even get AnyConnect to come up or resolve on another MX I have that I upgraded. I feel this may be a bigger issue on the certificate issuing and hostname integration side of things. I've opened a ticket about it.
I tried 16.9, ran into the same issue (changing hostnames did not help), rolled back, and after the next change of the hostname everything was fine again.
OK thanks. I'll try that after hours on them if we don't get this resolved today.
Please open a case with Meraki Support to upgrade to 16.8. We are investigating the AnyConnect cert issue reported on 16.9.
I performed what was indicated by @KarstenI on the MX I rolled back to 16.7 and it worked in terms of creating a valid certificate again.
I forwarded this thread to the guy I was speaking with on the ticket, but I haven't heard anything back yet, but at least the error is gone.