Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About akan33
akan33
Building a reputation
Member since Oct 24, 2017
Feb 4 2020
Kudos given to
Community Record
83
Posts
10
Kudos
0
Solutions
Badges
May 6 2018
11:12 PM
So it seems there are multiple customers complaining about this, they should take this situation more seriously from my point of view as it is not isolated.
... View more
Apr 26 2018
10:45 PM
Well ASAs monitor the LAN interfaces for failover purposes right, while Meraki doesn't, if you don't have a proper mesh between switches and MX you could have some undesired behavior, imagine you have an issue between the switch and the active unit, this active unit remains as Active, so traffic would go towards the passive and then the Active... Something to take into account. For that specific scenario you mention in the DC I wouldn't consider MX but other type of firewalls? MX is intended to be for enterprise only.
... View more
Apr 18 2018
1:31 AM
yes, that was suggested by Meraki support too and we have a probe continuously pinging from the meraki subnet towards the remote end subnets without success.
... View more
Apr 18 2018
1:09 AM
in my case yes. and no packet loss or big latency while happening. we also configured a probe from a meraki subnet to continuously ping the remote end subnets (to avoid tunnel expiration) but same result.
... View more
Apr 18 2018
12:54 AM
I have had issues with Meraki and ASA since I implemented it back in October, I have a ticket opened with them (since October too) and today we still have to reset the tunnel in the ASA side every now and then (random) as we don't know what's going on and it is really frustrating. I have tested everything and next step is going to be removing the MX if no fix is provided within a couple of weeks (we have another ASA in the same location as Meraki working perfectly). - crypto ACLs completely mirrored in both sides - Phase I is stable as you state, but phase 2 randomly stops passing traffic. - changed encryption algorithms multiple times and lifetime. - removed data lifetime since the beginning without success. - DPD configured in ASA since the beginning as it was requested by Meraki. - ASA running 9.1 and Meraki 13.28. - Support keeps passing the ticket from one engineer to another without any real progress. I also wonder at this point what is their support SLA as a ticket opened for 5-6 months without been resolved is really annoying 🙂 regards.
... View more
Mar 14 2018
3:10 AM
So your traffic stops passing randomly too? Honestly I have tried many different things already, there are days that it remains OK, maybe for 4 or 5 days, and some other times it could fail during 2 or 3 consecutive days. There is not a pattern which make it hard to troubleshoot. The only thing I know is that with another ASA that we have in the same location as Meraki it is working properly always.
... View more
Mar 11 2018
6:26 PM
Hi guys, I am still struggling with a tunnel issue where every certain and random time the tunnel just stops passing traffic even if it remains up (against a ASA firewall). I have a question regarding the interesting traffic ACLs. In the ASA it is very clear that you define source and destination subnets, but in Meraki, you define in the site-to-site the remote subnets participating, but in regards to the source (Local Meraki subnet) you just specificy globally whether it is in VPN or not. Does it mean I have to mirror in the ASA the ACL for every single local Meraki subnet participating in the VPN? Let's say I have 10.0.1.0/24 and 10.0.2.0/24 locally in Meraki. Both of them VPN -> yes. Then I have several remote subnets, let's say 172.16.0.0/24 172.16.0.1.0/24 ... But I only want communication between 10.0.1.0/24 and the remote subnets in ASA, therefore my ASA VPN ACL would look similar to: access-list vpnx extended permit ip 172.16.0.0 255.255.255.0 10.0.1.0 255.255.255.0 access-list vpnx extended permit ip 172.16.1.0 255.255.255.0 10.0.1.0 255.255.255.0 As 10.0.2.0 is participating in the Meraki VPN process, do I have to specify this subnet as well in the ASA? or it wouldn't be required? In any case, I understand that in case of not maching, this would affect only to the involved subnets, right? so it shouldn't cause any impact on the tunnel or the communication of the existing flows. thank you.
... View more
Feb 20 2018
12:38 AM
Confirmed. Known issue according to Meraki support, they are investigating now.
... View more
Feb 20 2018
12:27 AM
this sounds like they could have messed some things up? I am trying to call them but the system voice quality is really bad.
... View more
Feb 20 2018
12:16 AM
No logs regarding these switches, that was the first thing I did, but I am usually the only one touching this network. So they are in the inventory, they are 'used', and part of my network, but they are not in the switches tab anymore.
... View more
Feb 19 2018
11:52 PM
Yes they are in the inventory, and in the correct network. So I have no way to claim them again.
... View more
Feb 19 2018
11:38 PM
Hi all, I have logged a case but just to see whether this also happened to more people or not. I have a couple of 425 switches stacked acting as distribution, they have been there for several months working ok and just today I noticed that they are no longer appearing in the Dashboard (they were there just a few days ago), neither in the Stack tab nor the switches tab. Data plane is working fine though, but obviously no control over them anymore. No changes have been made recently. update: in the Organization - Summary report they still appear! but I don't know how to recover them in the rest of tabs :S
... View more
Feb 8 2018
5:36 PM
have you considered stacking them instead? I was told by a Cisco employee not to use the warm spare feature, never got the reason though but I guess it is just it was (is?) not mature enough.
... View more
that's weird, I engaged Cisco some months ago to test with a spare switch (2960), and converting it to MST worked for me so I am dealing with my production environment now to put it as MST too. what issues are you facing exactly with the port-channels?
... View more
Feb 7 2018
7:31 PM
'I usually hate to call support, but I am confident that if I have any further issues, I can call Meraki support and talk to qualified people who will do their best to help me.' Please tell me what number you are calling to, I think we don't call to the same number 😄 . Glad to hear that at least your experience is positive.
... View more
Feb 7 2018
5:52 PM
Has Meraki contacted you about this? That's scary, I have a couple of 425 as distribution, I am not migrating until things are clear.
... View more
Feb 7 2018
2:48 AM
My ticket is opened since December, I have contacted them multiple times, no success at all. Now someone else took the ticket and they keep asking again for the same basic information, what is your config, take capture, etc. I am sorry to say but this is not a Next generation firewall, unstable tunnels, VRRP HA, no outgoing NAT for other IPs but the WAN interface, terrible Support, etc. My level of frustration with this product is getting really high, very disappointed too.
... View more
Feb 5 2018
7:17 PM
It seemed more stable, it started to happen again though. Meraki doesn't provide any serious feedback on this one. They asked me whether nat-trasversal is activated in the ASA, it is, I think they are already running out of ideas. I have another ASA in the same building working steady and stable for long time.
... View more
Jan 24 2018
1:33 AM
Changing to 28800 seconds made the difference, I don't know it it is solved but it looks more stable. Meraki Support doesn't even respond anymore.
... View more
Jan 15 2018
11:34 PM
CCTVs are all working good now, but biometrics devices are still seeing this alert in the port, even if I have only a couple of them in a MS 250 it will be like that, weird.
... View more
Jan 12 2018
12:51 AM
one of them main benefits of having the VLAN gateway in the MX firewall is that you can integrate it with an AD and do security policies integration.
... View more
Jan 11 2018
6:34 PM
I agree on that splitting, 2 x 4 better than 8, but if it is supporting 8 on paper they should support it in the deployment, otherwise and without enough information this could end up on service affection.
... View more
Jan 11 2018
6:09 PM
To be honest, even if we knew about it, it is very disappointing, a cloud service benefit should includes easy backup restore. If they can't also destroy your data-config as stated in the previous post it is even more scary. It is unbelievable that you need to take manual screenshots to save your configuration in 2018. It should be as easy as 'Hey Support, I have had a massive issue, please restore my backup from day x'.
... View more
- « Previous
-
- 1
- 2
- Next »
Kudos given to
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 16466 | |
| 1 | 15049 | |
| 1 | 21148 | |
| 1 | 9695 | |
| 1 | 61707 |
© 2024 Cisco Systems, Inc.
