Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About DSchn
DSchn
Here to help
Member since Nov 22, 2018
Feb 24 2023
Community Record
12
Posts
0
Kudos
0
Solutions
Badges
Feb 28 2023
5:55 AM
Thank you. Disappointing that the API is kinda crippled. How does Meraki suppose that we work in big network environments? Doing all by hand?
... View more
Feb 23 2023
4:02 AM
Thanks, I already looked there, but it seems the API is missing many settings like the ones I mentioned. Any chance the API will be updated? Is there any other way to copy such settings? Can't find anything at the dashboard too, only using templates which I don't want to do.
... View more
Feb 23 2023
2:32 AM
When I understand the API documentation correctly it is not possible to copy all "SD-WAN & traffic shaping" settings like local internet breakout / VPN exclusion rules or SD-WAN policies, or did I miss it somewhere? If that is not possible, how am I supposed to roll out changes in those settings to all our networks?
... View more
Feb 26 2019
5:31 AM
Thank you very much for explaining the difference and functionalities! So what I need is the Auth. Proxy as we just want to secure the VPN access. As I understand the Auth. Proxy can check for AD group memberships just like our RADIUS is doing right now, is that correct? I suppose the Auth. Proxy will sync our AD groups to the DUO administration console? We still would keep the RADIUS for the wifi connections and as a backup if anything goes south.
... View more
Feb 26 2019
3:07 AM
Dear all, we are already using our MX400 for providing client VPN access (with RADIUS) and now want to have a two-factor authentication setup. It seems DUO does the trick, but what exactly is to be done? I read about a DUO access gateway and a authentication proxy, are they the same tool? And what about the Windows 7/10 VPN connection: where will the user put in the authentication code? Sorry, I'm a bit confused how this exactly works out with DUO.
... View more
Nov 26 2018
2:37 AM
Maybe I'm getting it wrong, but there is no possibility to set DHCP options in the 'Client VPN' settings of the dashboard, or is there? What I meant: there should be either a switch 'Split Tunneling' or similar in /configure/client_vpn_settings which activates DHCP option 121 on the Meraki DHCP server, so it pushes the VPN enabled static routes to the VPN clients. That would be the only viable solution. But I don't see any switch and under 'DHCP' I only can set options for our VLANs, but not for the client VPN subnet.
... View more
Nov 25 2018
9:48 PM
Well thank you, but as I said, I don't want to configure every single client for itself, because when routes are added/changed I would have to reconfigure every single client again. Why wouldn't Meraki be able to do that? If the MX, where one terminates and pulls the DHCP settings/option from, just pushes DHCP option 121 it would allow automatic split tunneling. Then just add an option to enable or disable that feature and voila! Or do I miss something here? Apart from that, every other serious solution I know on the market is able to enable split tunneling directly on the VPN server side so I think this is something Meraki should be able to do as well?
... View more
Nov 25 2018
9:38 PM
DNS doesn't have to do anything with VPN at all, at least not regarding split tunneling/routing.
... View more
Nov 23 2018
1:05 AM
That sure is a nice feature for certain cases, but DNS resolution is not the problem with split tunneling, but the static routing is. As long as the client doens't know that for example 172.0.0.0/8 should go through the tunnel (which Meraki advises to put manually in the routing table of the client) it will try to use the standard interface and not the VPN device and thus fail to reach the host within the 172.0.0.0/8 network. One sure can activate the the VPN device to be the standard gateway, but then ALL traffic will go through VPN which (for us) is not desirable. We only want to have business traffic going through the VPN tunnel and the rest of the (private) traffic go through the users private connection.
... View more
Nov 22 2018
9:49 PM
I find the current Meraki solution how to 'activate' split tunneling by simply manually adding the relevant routes to each client not very satisfying. I don't want to manually enroll routes on every single client. Yes I know it would be possible by scripting or else, but because it's prone to errors and double work (configuring routes on the dashboard + in the GPO) that's no viable option. Will there be a solution for the routes to be pushed by the VPN DHCP Server? It should be possible with DHCP option 121 / 249? This could be solved by an additional option on the VPN dashboard to activate split tunneling, so the DHCP would push the static routes that have 'In VPN?' on 'Yes'.
... View more
Nov 22 2018
9:41 PM
When connecting to the VPN you need a local DHCP Server issuing an IP and via DHCP options push the routes that are activated in the Meraki dashboard, so split tunnelling is possible. I don't see how a cloud based DNS would help in that case?
... View more
Nov 22 2018
5:11 AM
I find this not very satisfying as I don't want to manually enroll routes on every single client, no matter if it is possible by scripting or not. Will there be a solution for the routes to be pushed by the VPN DHCP Server via L2TP? It should be possible with DHCP option 121 / 249.
... View more
© 2024 Cisco Systems, Inc.
