The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About DSchn
DSchn

DSchn

Here to help

Member since Nov 22, 2018

‎02-24-2023
Kudos given to
User Count
alemabrahao
Kind of a big deal alemabrahao
1
SkyS
SkyS
1
Mr_IT_Guy
Mr_IT_Guy
2
View All

Community Record

12
Posts
0
Kudos
0
Solutions

Badges

First 5 Posts
Lift-Off View All
Latest Contributions by DSchn
  • Topics DSchn has Participated In
  • Latest Contributions by DSchn

Re: How to copy all "SD-WAN & traffic shaping" settings?

by DSchn in Developers & APIs
‎02-28-2023 05:55 AM
‎02-28-2023 05:55 AM
Thank you. Disappointing that the API is kinda crippled. How does Meraki suppose that we work in big network environments? Doing all by hand? ... View more

Re: How to copy all "SD-WAN & traffic shaping" settings?

by DSchn in Developers & APIs
‎02-23-2023 04:02 AM
‎02-23-2023 04:02 AM
Thanks, I already looked there, but it seems the API is missing many settings like the ones I mentioned. Any chance the API will be updated? Is there any other way to copy such settings? Can't find anything at the dashboard too, only using templates which I don't want to do. ... View more

How to copy all "SD-WAN & traffic shaping" settings?

by DSchn in Developers & APIs
‎02-23-2023 02:32 AM
‎02-23-2023 02:32 AM
When I understand the API documentation correctly it is not possible to copy all "SD-WAN & traffic shaping" settings like local internet breakout / VPN exclusion rules or SD-WAN policies, or did I miss it somewhere?   If that is not possible, how am I supposed to roll out changes in those settings to all our networks? ... View more

Re: Using DUO for 2FA - how to?

by DSchn in Security / SD-WAN
‎02-26-2019 05:31 AM
‎02-26-2019 05:31 AM
Thank you very much for explaining the difference and functionalities! So what I need is the Auth. Proxy as we just want to secure the VPN access. As I understand the Auth. Proxy can check for AD group memberships just like our RADIUS is doing right now, is that correct? I suppose the Auth. Proxy will sync our AD groups to the DUO administration console? We still would keep the RADIUS for the wifi connections and as a backup if anything goes south. ... View more

Using DUO for 2FA - how to?

by DSchn in Security / SD-WAN
‎02-26-2019 03:07 AM
‎02-26-2019 03:07 AM
Dear all,   we are already using our MX400 for providing client VPN access (with RADIUS) and now want to have a two-factor authentication setup. It seems DUO does the trick, but what exactly is to be done? I read about a DUO access gateway and a authentication proxy, are they the same tool? And what about the Windows 7/10 VPN connection: where will the user put in the authentication code?   Sorry, I'm a bit confused how this exactly works out with DUO. ... View more

Re: Client VPN split tunneling via DHCP options?

by DSchn in Security / SD-WAN
‎11-26-2018 02:37 AM
‎11-26-2018 02:37 AM
Maybe I'm getting it wrong, but there is no possibility to set DHCP options in the 'Client VPN' settings of the dashboard, or is there? What I meant: there should be either a switch 'Split Tunneling' or similar in /configure/client_vpn_settings which activates DHCP option 121 on the Meraki DHCP server, so it pushes the VPN enabled static routes to the VPN clients. That would be the only viable solution. But I don't see any switch and under 'DHCP' I only can set options for our VLANs, but not for the client VPN subnet.   ... View more

Re: Client VPN split tunneling via DHCP options?

by DSchn in Security / SD-WAN
‎11-25-2018 09:48 PM
‎11-25-2018 09:48 PM
Well thank you, but as I said, I don't want to configure every single client for itself, because when routes are added/changed I would have to reconfigure every single client again. Why wouldn't Meraki be able to do that? If the MX, where one terminates and pulls the DHCP settings/option from, just pushes DHCP option 121 it would allow automatic split tunneling. Then just add an option to enable or disable that feature and voila! Or do I miss something here?   Apart from that, every other serious solution I know on the market is able to enable split tunneling directly on the VPN server side so I think this is something Meraki should be able to do as well? ... View more

Re: Client VPN split tunneling?

by DSchn in Security / SD-WAN
‎11-25-2018 09:38 PM
‎11-25-2018 09:38 PM
DNS doesn't have to do anything with VPN at all, at least not regarding split tunneling/routing. ... View more

Re: Client VPN split tunneling?

by DSchn in Security / SD-WAN
‎11-23-2018 01:05 AM
‎11-23-2018 01:05 AM
That sure is a nice feature for certain cases, but DNS resolution is not the problem with split tunneling, but the static routing is. As long as the client doens't know that for example 172.0.0.0/8 should go through the tunnel (which Meraki advises to put manually in the routing table of the client) it will try to use the standard interface and not the VPN device and thus fail to reach the host within the 172.0.0.0/8 network. One sure can activate the the VPN device to be the standard gateway, but then ALL traffic will go through VPN which (for us) is not desirable. We only want to have business traffic going through the VPN tunnel and the rest of the (private) traffic go through the users private connection. ... View more

Client VPN split tunneling via DHCP options?

by DSchn in Security / SD-WAN
‎11-22-2018 09:49 PM
‎11-22-2018 09:49 PM
I find the current Meraki solution how to 'activate' split tunneling by simply manually adding the relevant routes to each client not very satisfying. I don't want to manually enroll routes on every single client. Yes I know it would be possible by scripting or else, but because it's prone to errors and double work (configuring routes on the dashboard + in the GPO) that's no viable option.   Will there be a solution for the routes to be pushed by the VPN DHCP Server? It should be possible with DHCP option 121 / 249? This could be solved by an additional option on the VPN dashboard to activate split tunneling, so the DHCP would push the static routes that have 'In VPN?' on 'Yes'. ... View more

Re: Client VPN split tunneling?

by DSchn in Security / SD-WAN
‎11-22-2018 09:41 PM
‎11-22-2018 09:41 PM
When connecting to the VPN you need a local DHCP Server issuing an IP and via DHCP options push the routes that are activated in the Meraki dashboard, so split tunnelling is possible. I don't see how a cloud based DNS would help in that case? ... View more

Re: Client VPN split tunneling?

by DSchn in Security / SD-WAN
‎11-22-2018 05:11 AM
‎11-22-2018 05:11 AM
I find this not very satisfying as I don't want to manually enroll routes on every single client, no matter if it is possible by scripting or not.   Will there be a solution for the routes to be pushed by the VPN DHCP Server via L2TP? It should be possible with DHCP option 121 / 249. ... View more
Kudos given to
User Count
alemabrahao
Kind of a big deal alemabrahao
1
SkyS
SkyS
1
Mr_IT_Guy
Mr_IT_Guy
2
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Cookies
  • Terms of Use
© 2023 Meraki