Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About KevinH
KevinH
Here to help
Member since Nov 19, 2018
Jan 22 2020
Community Record
18
Posts
7
Kudos
1
Solution
Badges
Jan 22 2020
6:15 AM
Last week I had an incident where Google DNS was briefly being Content Filtered under the category of Proxy Avoidance and Anonymizers. All the clients had no internet access when that happened. Meraki tech support said a third party controls the block list and basically said it wasn't their problem.
... View more
Jan 17 2020
1:11 PM
I could not get this to work however Meraki Tech Support said "Flow preferences should be applied to any WAN bound traffic." Will keep trying.
... View more
Jan 16 2020
6:37 PM
"You can likely influence the SSID RADIUS traffic as that's traversing the MX..." I can test this. As long as I can influence one it should be good enough. Will report back my finding.
... View more
Jan 16 2020
5:02 PM
@jdsilva I waited 3 hours and it did not work. @PhilipDAth Thanks for the reply. Unfortunately my Radius service can't match on attributes. They're pretty basic but they have an MFA feature. I guess I'm out of luck.
... View more
Jan 16 2020
1:22 PM
If you don't want to invest much, you could also split it up by port numbers. For example: www.domain.com goes to the web server (port 80). mail.domain.com:8080 (for example) goes to Exchange. Forward by port number. You'll have to tell your users to append the :8080 when entering the URL. You'll have to configure Exchange's webmail to accept port 8080. This is a workaround, but it won't cost you anything.
... View more
Jan 16 2020
1:12 PM
1 Kudo
Oh, thank you for the info. I will wait one hour and see if it works.
... View more
Jan 16 2020
12:57 PM
2 Kudos
I think you might be looking for a reverse proxy. This is a good video: https://www.youtube.com/watch?v=2fL8Otb9mTE
... View more
Jan 16 2020
12:37 PM
Hi guys, I have an MX with two WANs from different ISPs. WAN1 is primary. I authenticate my SSID via RADIUS from a RADIUS-as-a-Service on the internet. This is working. I configured Client VPN with RADIUS authentication and it's working. My RADIUS-as-a-Service has an option for MFA (TOTP). I want to turn on MFA for Client VPN connections but not wireless connections. I can specify different RADIUS server IPs in the SSID settings and the Client VPN settings. Got that. My RaaS has multiple public static IPs and recognizes by Source IP. So I would like to RADIUS traffic from SSID auth requests to go out WAN1, and RADIUS traffic for Client VPN auth requests to go out WAN2. That way my RADIUS service knows to only ask for MFA from requests coming from WAN2's IP. I made the Traffic Shaping rules in Flow Preferences accordingly. But it looks like RADIUS traffic does not obey these rules. Does anyone know if RADIUS traffic are supposed to obey traffic shaping rules? My Rules are basically: Protocol:Any Source:Any Destination:RaaS-IP-1 DestPort:Any Preferred uplink:WAN1 Protocol:Any Source:Any Destination:RaaS-IP-2 DestPort:Any Preferred uplink:WAN2 I can tell that all RADIUS traffic looks like it's coming from WAN1. This is because the shared key I use for WAN1 works for both wireless and Client VPN. When I use the shared key meant for WAN2, it doesn't work.
... View more
Aug 6 2019
8:28 AM
Thanks. I do have Client VPN set Use VPN "yes". No AWS firewall rules blocking and no SG groups blocking. I have Routes setup. No idea where it's blocking.
... View more
Aug 3 2019
6:31 AM
I have an MX and vMX (in AWS) connected via site-to-site VPN. Local clients on the MX are able to access hosts connected to the vMX (EC2 instances, etc.) It works great. The problem is Client VPN connections. When I VPN to the MX, I am not able to access anything in AWS. I can access things connected to the MX though. The local client subnet is 10.180.1.0/24 and the Client VPN subnet is 10.181.1.0/24. I have Route Tables in AWS setup for both and are the same. The Security Groups are the same. The Network ACLs are the same. I don't know where else to check. Any ideas? One weird thing is that I can VPN to the vMX in AWS, but I can't ping stuff locally. I can ping stuff on the MX 10.180.1.0/24. I'm guessing something in AWS is blocking or misconfigured for my Client VPN subnets. But I have things the same I think.... any suggestions would be appreciated.
... View more
Jun 19 2019
5:37 PM
2 Kudos
Ya, that troubleshooting guide was the lifesaver. I ended up needing a registry key entry to make the Client VPN work. On a different Windows computer, I needed to change a Windows Service startup. So that troubleshooting guide was way more important/useful than I thought. Thanks for your help!
... View more
May 16 2019
1:58 PM
1 Kudo
Wow, I can connect to the client VPN from my Android phone with the native Android VPN client. So I guess I'm the problem. (Wouldn't be the first time.)
... View more
May 16 2019
1:15 PM
I put a Windows EC2 instance in the same subnet as the vMX100. Gave it a public IP, has the same security group and network ACL as the vMX100. I am able to RDP to it on its public IP. So I guess there is no network block. (I have everything wide open inbound and outbound.) Does the vMX100 instance itself have a firewall or SELinux or IP filtering on it? I don't have to manually go into it, do I?
... View more
May 16 2019
12:09 PM
Thank you for your suggestions. Yes, Client VPN is enabled. I just tried tethering my computer to my phone and connecting, but I always get the message that the remote server is not responding. I get the same message from the office, and home. I suspect it's somewhere in AWS, but not sure where.
... View more
May 16 2019
11:38 AM
Site-to-site is good now, but my Client VPN still isn't working. I'm not able to connect to the AWS Public IP. I've checked my security groups and network ACLs. I've got them wide open inbound and outbound. No luck connecting to the public IP.
... View more
May 16 2019
7:48 AM
Hmm, it seems to be working today. I guess it just took time. Longer than I thought. I am going to continue testing and update later. I used Ubuntu server and Windows server EC2 instances for testing. I can connect to both now.
... View more
May 14 2019
7:47 PM
Hello, We've deployed a vMX100 in AWS, but seeing two issues. First the good: I can connect site-to-site VPN to my other physical MX devices as a hub. AutoVPN connects very easily. Issue #1: I can't connect via Client VPN to the vMX100. Seems like it's blocked somewhere, but I have Network ACLs and Security Groups allowing All Traffic to the VPN, Subnet, and Security Group. Issue #2: I can ping the vMX100 from my laptop which is a client of another MX device (and is connected with AutoVPN). But I cannot ping/connect to any EC2 instances behind the vMX100. Although from an EC2 instance, I can ping my laptop. Again, I've checked the ACLs and Security Groups and I've got them as wide open as possible. Any suggestions? Thanks in advance for any help.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 2830 | Jan 16 2020 12:57 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 2830 | |
| 2 | 7126 | |
| 1 | 3372 | |
| 1 | 7244 |
© 2025 Cisco Systems, Inc.
