Community Record
10
Posts
3
Kudos
1
Solution
Badges
Jun 11 2019
6:54 AM
Thanks @kYutobi ! But do you know if it'll work in this topology that I've mentioned? As default to work with Client tracking by MAC MX should be L3...
... View more
Jun 11 2019
5:15 AM
Hello, I have some doubts about MX content filtering in this scenario: MX84 as firewall/internet edge with MS350 as L3 downstream with 5 Vlans Can I have the full functionality of Content Filtering feature in this case? I mean tracking clients by MAC? Or I'll still need to split my network and choose client tracking by IP? I think by MAC is the best way to go, Am I right?
... View more
Jun 4 2019
3:06 AM
1 Kudo
Thank you @PhilipDAth For now I'll choose my guessing as solution because it'll take some till I can test this routes in HQ ASA. For those searching for solution to the same problem, have in mind that this case just worked because the overlapping subnet 10.24.0.0 was not in use on both sites, but just in one side. If you have same networks on both sites, a Non-Meraki VPN won't work in this case(at least this way) because it does not have the VPN translation active. VPN translation, which is the feature that solves the problem of same subnets on both sites, only works with AutoVPN which is Meraki-to-Meraki VPNs. If you need more info: https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation
... View more
Jun 3 2019
7:34 AM
My huge problem is with subnets 172.16.0.0/12 and 172.24.0.0/16. 172.24.0.0/16 the subnet which MX is connected through the VPN(HQ) and from HQ we have another branch with the 172.16.0.0/12. In this other branch they have created the network 172.16.0.0/12, but they don't use the 172.24.0.0 network there. If I advertise the subnets from MX tunnel to HQ(on both ends vice-versa) this way: 172.16.0.0/13 172.24.0.0/16 172.25.0.0/16 172.26.0.0/15 172.28.0.0/14 I mean, excluding the overlap subnet from the 172.16.0.0/12, will it work?
... View more
Jun 1 2019
2:48 AM
Just found the issue: Overlapping subnets, with ASA in place I have no problem on working with these subnets. I need to have access to all of them over the VPN, how can I manage to fix that?
... View more
May 31 2019
9:43 AM
Thank you @PhilipDAth I just discovered that I can ping all subnets but one, I have 6 subnets advertised on VPN and just this one does not ping. I'm current at Branch and I don't have access to the HQ ASA, so I'll ask them just in last resort. As you can see I have a Core switch that gets my subnets routing With ASA in place, when I traceroute from a client below ASA I get these hops to the subnet that I'm unable to ping when Meraki is placed: 1 - 3ms - Gateway 2 - * 3 - 119ms - subnet in HQ Maybe it is something that I'm missing?
... View more
May 30 2019
9:09 AM
Hello, Need some help on accessing the subnets on the Non-Meraki S2S VPN peer. I already have up and running an IPsec tunnel between HQ and Branch(ASA to ASA), now the idea is to update our Branch ASA5510 to MX84. Just tested a VPN between MX84 and the HQ ASA and connects normally as I'm able to check over the " All Non-Meraki/Client VPN" event log. My work on replacing the ASA to MX was to mirror the conf in ASA to MX, advertising the subnets the way they were on ASA. The problem is that I'm not able to ping the HQ subnets from the MX. The only thing that I see suspicious is that in ASA I see several route as: route outside x.x.x.x(HQ subnet) 255.255.0.0 x.x.x.x(Branch MX WAN gateway) 10 I did configured a static route on MX, with HQ subnet pointing to MX local lan IP which does not go online on Route Table, tried too HQ subnet pointing to WAN gateway, but the MX does allow this stating that there's no subnet active as WAN subnet. What is the issue? Any help is appreciated
... View more
Dec 5 2018
1:24 AM
1 Kudo
Imagine a bridge over a river, on one side you have 1000 people that need to cross it to the other side. If all of them cross it at the same time, it is possible, but it will take longer to cross due to room space and it will be a mess, giving chance for accidents. But you have a problem: there's injured people, eldery and children amongst them, what will you do in this case? Just create lanes on the bridge separating the injured, eldery and children so they can cross it calm and safely. The rest of people will cross it normally through its own lane.
... View more
Jul 24 2018
1:15 PM
1 Kudo
Thanks man! I was suspicious about that too.
... View more
Jul 24 2018
10:27 AM
Hello, How's the compatibility for SD-WAN working with Meraki x Non-Meraki? We're planning to have a MX at the branch and some other vendor in HQ(maybe Versa's SD-WAN solution). Do you guys know if the SD-WAN capabilities will work between them? Does anyone implemented this scenario? I mean MX to any other vendor? Thanks!
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 5069 | Jun 3 2019 7:34 AM |
My Top Kudoed Posts
