Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About akan33
akan33
Building a reputation
Member since Oct 24, 2017
02-04-2020
Kudos given to
Community Record
83
Posts
10
Kudos
0
Solutions
Badges
06-06-2018
11:23 PM
maybe it is related to the anti-replay window size as per above comments, if that's the fix what it would be shocking to me is the fact that I have had my ticket open for months and no engineer has been able to provide any information, and that the 'fix' actually comes so late. In any case, the damage is made.
... View more
06-05-2018
08:24 PM
1 Kudo
yeah, Phase 1 remains up, but no SPI are built in the remote end, only resetting the ipsec or bouncing the tunnel works. I am trying to collect some debugging from the ASA to see if Cisco can helps here.
... View more
06-05-2018
07:57 PM
1 Kudo
marking the case as High priority won't make any different from my experience. I had my firewall running few months ago on 12.x and they asked me to move it to 13.28, same result. behavior is like you describe. I have escalated this issue to Cisco ASA engineer, I will keep you posted but I would recommend you to do the same as Meraki is not helping at all on this issue, it is very frustrating (they keep passing the ticket among engineers and I have to explain the same story every time, without any progress). regards.
... View more
05-09-2018
06:56 PM
What happen if your access switches are still downloading the new image and your distribution switches reboot? or the system is intelligent enough not to break the upload process? I saw the Staged upgrades, but I can't do it by myself, according to Support I have to make them a call and they will be the one activating the functionality and the process. Specifically for a 4 stack access that I have, with 2 uplinks to the distribution, they said that issues may happens and they are recommending me to schedule at least a 1 hour downtime per stack. That's a lot actually... for a critical business running 24 hours that's not easy to assume.
... View more
05-09-2018
02:40 AM
Hi guys, I have to perform some upgrades and I want to stage the activity with the support of Meraki, as I don't want to perform it in all my switches at the same time. The point is that these services are running 24 hours and are critical to the business, according to the Meraki dashboard and documentation the downtime is 1 minute while rebooting, but after discussion with Support they have recommended to schedule 1 hour downtime per stack (or more if possible as per their comments). They say that having 4 stacked switches (only 2 uplink) may be risky and sometimes issues can be found. What is your experience on these cases? It doesn't sound very safe to me. thank you.
... View more
05-07-2018
06:32 PM
What happen if we don't want to go for the latest release? I mean, we all know it is a pain to get a proper window when we have 24 hour users and it is business critical, with Cisco we just leave a release running for more than 1 year without issues, even years if we don't need any new feature.
... View more
05-06-2018
11:12 PM
So it seems there are multiple customers complaining about this, they should take this situation more seriously from my point of view as it is not isolated.
... View more
04-26-2018
10:45 PM
Well ASAs monitor the LAN interfaces for failover purposes right, while Meraki doesn't, if you don't have a proper mesh between switches and MX you could have some undesired behavior, imagine you have an issue between the switch and the active unit, this active unit remains as Active, so traffic would go towards the passive and then the Active... Something to take into account. For that specific scenario you mention in the DC I wouldn't consider MX but other type of firewalls? MX is intended to be for enterprise only.
... View more
04-18-2018
01:31 AM
yes, that was suggested by Meraki support too and we have a probe continuously pinging from the meraki subnet towards the remote end subnets without success.
... View more
04-18-2018
01:09 AM
in my case yes. and no packet loss or big latency while happening. we also configured a probe from a meraki subnet to continuously ping the remote end subnets (to avoid tunnel expiration) but same result.
... View more
04-18-2018
12:54 AM
I have had issues with Meraki and ASA since I implemented it back in October, I have a ticket opened with them (since October too) and today we still have to reset the tunnel in the ASA side every now and then (random) as we don't know what's going on and it is really frustrating. I have tested everything and next step is going to be removing the MX if no fix is provided within a couple of weeks (we have another ASA in the same location as Meraki working perfectly). - crypto ACLs completely mirrored in both sides - Phase I is stable as you state, but phase 2 randomly stops passing traffic. - changed encryption algorithms multiple times and lifetime. - removed data lifetime since the beginning without success. - DPD configured in ASA since the beginning as it was requested by Meraki. - ASA running 9.1 and Meraki 13.28. - Support keeps passing the ticket from one engineer to another without any real progress. I also wonder at this point what is their support SLA as a ticket opened for 5-6 months without been resolved is really annoying 🙂 regards.
... View more
03-14-2018
03:10 AM
So your traffic stops passing randomly too? Honestly I have tried many different things already, there are days that it remains OK, maybe for 4 or 5 days, and some other times it could fail during 2 or 3 consecutive days. There is not a pattern which make it hard to troubleshoot. The only thing I know is that with another ASA that we have in the same location as Meraki it is working properly always.
... View more
03-11-2018
06:26 PM
Hi guys, I am still struggling with a tunnel issue where every certain and random time the tunnel just stops passing traffic even if it remains up (against a ASA firewall). I have a question regarding the interesting traffic ACLs. In the ASA it is very clear that you define source and destination subnets, but in Meraki, you define in the site-to-site the remote subnets participating, but in regards to the source (Local Meraki subnet) you just specificy globally whether it is in VPN or not. Does it mean I have to mirror in the ASA the ACL for every single local Meraki subnet participating in the VPN? Let's say I have 10.0.1.0/24 and 10.0.2.0/24 locally in Meraki. Both of them VPN -> yes. Then I have several remote subnets, let's say 172.16.0.0/24 172.16.0.1.0/24 ... But I only want communication between 10.0.1.0/24 and the remote subnets in ASA, therefore my ASA VPN ACL would look similar to: access-list vpnx extended permit ip 172.16.0.0 255.255.255.0 10.0.1.0 255.255.255.0 access-list vpnx extended permit ip 172.16.1.0 255.255.255.0 10.0.1.0 255.255.255.0 As 10.0.2.0 is participating in the Meraki VPN process, do I have to specify this subnet as well in the ASA? or it wouldn't be required? In any case, I understand that in case of not maching, this would affect only to the involved subnets, right? so it shouldn't cause any impact on the tunnel or the communication of the existing flows. thank you.
... View more
02-20-2018
12:38 AM
Confirmed. Known issue according to Meraki support, they are investigating now.
... View more
02-20-2018
12:27 AM
this sounds like they could have messed some things up? I am trying to call them but the system voice quality is really bad.
... View more
02-20-2018
12:16 AM
No logs regarding these switches, that was the first thing I did, but I am usually the only one touching this network. So they are in the inventory, they are 'used', and part of my network, but they are not in the switches tab anymore.
... View more
02-19-2018
11:52 PM
Yes they are in the inventory, and in the correct network. So I have no way to claim them again.
... View more
02-19-2018
11:38 PM
Hi all, I have logged a case but just to see whether this also happened to more people or not. I have a couple of 425 switches stacked acting as distribution, they have been there for several months working ok and just today I noticed that they are no longer appearing in the Dashboard (they were there just a few days ago), neither in the Stack tab nor the switches tab. Data plane is working fine though, but obviously no control over them anymore. No changes have been made recently. update: in the Organization - Summary report they still appear! but I don't know how to recover them in the rest of tabs :S
... View more
02-08-2018
05:36 PM
have you considered stacking them instead? I was told by a Cisco employee not to use the warm spare feature, never got the reason though but I guess it is just it was (is?) not mature enough.
... View more
that's weird, I engaged Cisco some months ago to test with a spare switch (2960), and converting it to MST worked for me so I am dealing with my production environment now to put it as MST too. what issues are you facing exactly with the port-channels?
... View more
02-07-2018
07:31 PM
'I usually hate to call support, but I am confident that if I have any further issues, I can call Meraki support and talk to qualified people who will do their best to help me.' Please tell me what number you are calling to, I think we don't call to the same number 😄 . Glad to hear that at least your experience is positive.
... View more
02-07-2018
05:52 PM
Has Meraki contacted you about this? That's scary, I have a couple of 425 as distribution, I am not migrating until things are clear.
... View more
02-07-2018
02:48 AM
My ticket is opened since December, I have contacted them multiple times, no success at all. Now someone else took the ticket and they keep asking again for the same basic information, what is your config, take capture, etc. I am sorry to say but this is not a Next generation firewall, unstable tunnels, VRRP HA, no outgoing NAT for other IPs but the WAN interface, terrible Support, etc. My level of frustration with this product is getting really high, very disappointed too.
... View more
Kudos given to
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 14377 | |
| 1 | 2092 | |
| 1 | 13011 | |
| 1 | 15572 | |
| 1 | 7141 |
