The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About Duke_Nukem
Duke_Nukem

Duke_Nukem

Getting noticed

Member since Sep 21, 2017

2 weeks ago
Kudos from
User Count
MattMorg
Meraki Employee MattMorg
1
CharlesIsWorkin
CharlesIsWorkin
1
thomasthomsen
thomasthomsen
1
Roska
Roska
1
cmr
Kind of a big deal cmr
1
View All
Kudos given to
User Count
PhilipDAth
Kind of a big deal PhilipDAth
2
View All

Community Record

21
Posts
6
Kudos
0
Solutions

Badges

CMNO
1st Birthday
First 5 Posts
Lift-Off View All
Latest Contributions by Duke_Nukem
  • Topics Duke_Nukem has Participated In
  • Latest Contributions by Duke_Nukem

Re: [Important Notice] Meraki SM Legacy and Free 100 Retirement

by Duke_Nukem in Mobile Device Management
3 weeks ago
1 Kudo
3 weeks ago
1 Kudo
Well that sucks.  We've been using it for the last 10 years.  More recently as a backup to Intune for the last 3 years.  The interface and tools are great, and quick to use.  It was a good run. ... View more

Re: Client VPN Error After January Windows Updates

by Duke_Nukem in Security / SD-WAN
‎01-17-2022 09:48 AM
1 Kudo
‎01-17-2022 09:48 AM
1 Kudo
Having a hell of a time trying to post this. This hit my pilot WUFB group (15 laptops).  Thankfully didn't release it to the masses (~400 laptops).  What's interesting is I'm not seeing the error connecting the windows VPN to my DR site.  That site is running an older MX80 (14.56), but it has the PCI compliant VPN settings in place on the MX.  So my VPN client connects without issue having the latest MS patch installed. (AES256, SHA1, DH14, IKEV1).  Our main VPN site is running an MX100 (15.44) but it does not have the PCI compliant settings in place (couldn't get it to work correctly with our CMAK VPN client a few months back so we had the tech back it out).   Just some more data to add to the pile... ... View more

Re: Client VPN Error After January Windows Updates

by Duke_Nukem in Security / SD-WAN
‎01-17-2022 05:00 AM
‎01-17-2022 05:00 AM
This hit my pilot WUFB group (15 laptops).  Thankfully didn't release it to the masses (~400 laptops).  What's interesting is I'm not seeing the error connecting the windows VPN to my DR site.  That site is running an older MX80 (14.56), but it has the PCI compliant VPN settings in place on the MX.  So my VPN client connects without issue having the latest MS patch installed. (AES256, SHA1, DH14, IKEV1).  Our main VPN site is running an MX100 (15.44) but it does not have the PCI compliant settings in place (couldn't get it to work correctly with our CMAK VPN client a few months back so we had the tech back it out).   Just some more data to add to the pile... ... View more

Re: Remote Management Username & Password

by Duke_Nukem in Mobile Device Management
‎07-07-2021 11:41 AM
‎07-07-2021 11:41 AM
Having the same issue here (using the Legacy/free version).  Creating a managed Meraki owner account was able to get us past it.  For now... ... View more

Re: Meraki MX64 Windows 10 VPN setup resets

by Duke_Nukem in Security / SD-WAN
‎02-17-2021 05:31 AM
‎02-17-2021 05:31 AM
Thanks!  And thanks to @PhilipDAth for the excellent script/webpage that makes it!  I was able to use our deployment software to push it to a few test machines as the System account.  That worked.    Other questions, and sorry for my ignorance on some of these questions.  Been down so many search rabbit holes...   I'm trying to get Cisco Meraki support to change the Client VPN settings (AES128 and Group 14).  Just on our DR site's MX, for testing.  When they make the change, will my current VPN client on Windows 10 (created with the CMAK) still connect, but just at a lower encryption? In order to use the PCI compliant encryption, I would need to redeploy our VPN client, like the one I created using PhilipDAth's script?  Or can I somehow script the change in just the Cryptographic suite being used for the current VPN connection? Lastly, do I need to have Cisco Meraki support turn off the lower encryption (3DES?) that is being used for the VPN client currently, to pass the PCI scans?     Sorry for all the questions.  Just trying to get a handle on this, and trying not to have this blow up in my face.     Thanks!     ... View more

Re: Meraki MX64 Windows 10 VPN setup resets

by Duke_Nukem in Security / SD-WAN
‎02-12-2021 02:14 PM
‎02-12-2021 02:14 PM
I can't get the VPN connection to install under the logged on user when running the script as an admin.  It only shows up under the admin's account.  How are you running it as System?  Using a deployment software, like PDQ Deploy?   Thanks,   ... View more

Re: AnyConnect VPN support for MX devices

by Duke_Nukem in Security / SD-WAN
‎05-14-2020 09:14 AM
‎05-14-2020 09:14 AM
Love the crickets.... ... View more

Re: AnyConnect VPN support for MX devices

by Duke_Nukem in Security / SD-WAN
‎05-08-2020 05:19 AM
1 Kudo
‎05-08-2020 05:19 AM
1 Kudo
I'm not talking just beta.  My fear is they will roll this out to only those models.  Can a Cisco Meraki employee confirm? ... View more

Re: AnyConnect VPN support for MX devices

by Duke_Nukem in Security / SD-WAN
‎05-07-2020 04:20 AM
2 Kudos
‎05-07-2020 04:20 AM
2 Kudos
I contacted my VAR to see if he's heard anything from his rep at Cisco.  They told him that it will only be available to the MX250/450 and MX67/68.  He also they said it would go Public Beta Q1 FY21 (August of this year).     This can't be limited to just those models.  That's crazy.  Say it ain't so. ... View more

Re: From Legacy to Licensed, Profile Installation on Windows 10

by Duke_Nukem in Mobile Device Management
‎12-11-2019 12:23 PM
‎12-11-2019 12:23 PM
Been doing some testing and am running into various walls. 1.  It looks like you have to be a Local Admin on the machine to do the enrollment of the Profile for Domain-joined PCs.   2.  This command at least calls the enrollment process, but it doesn't enter the Network ID.  It still prompts for that. Tried all the other parameters for that command too.  No dice.  AND you still need to be a local admin.   ms-device-enrollment:?mode=mdm&username=email@domain.com&servername=n123.meraki.com&tenantidentifier=123-456-7890   If only the Agent had the functionality to install the Windows Profile. ... View more

Re: From Legacy to Licensed, Profile Installation on Windows 10

by Duke_Nukem in Mobile Device Management
‎12-10-2019 08:14 AM
‎12-10-2019 08:14 AM
There is an Intune process using GP, but that can't be used for this. https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy   There has to be a way to automate this.   ... View more

Re: From Legacy to Licensed, Profile Installation on Windows 10

by Duke_Nukem in Mobile Device Management
‎12-10-2019 07:05 AM
‎12-10-2019 07:05 AM
Of the SM Profile? Not the Agent. We already push the Agent via GPO. ... View more

From Legacy to Licensed, Profile Installation on Windows 10

by Duke_Nukem in Mobile Device Management
‎12-10-2019 05:35 AM
‎12-10-2019 05:35 AM
Greetings,   We're contemplating making the move from Legacy SM to Licensed SM.  Some of the Sentry improvements look interesting/useful.  Any regrets from others out there that have made the move?   Also, we have about 800 devices in SM currently.  A mix of Windows 10, Windows Servers, iPhones, and iPads.  All of our Windows 10 devices have the Agent installed.  Is there an automated way to get the SM Profile installed on them?  Doing it manually on each machine would take forever.  And sending an enrollment link email to the masses will get mixed results. Group Policy? PowerShell?   Thanks. ... View more
Labels:
  • Labels:
  • Enrollment

Re: Guest network allowed to ping local workstations?

by Duke_Nukem in Wireless LAN
‎11-20-2019 06:10 AM
‎11-20-2019 06:10 AM
That's great, but do a search for a tool called Iodine.  Port 53 needs to be blocked.  The tech I had on the call showed me the tool and how it can be used in this scenario.  Eye opening... ... View more

Re: Guest network allowed to ping local workstations?

by Duke_Nukem in Wireless LAN
‎11-04-2019 10:29 AM
‎11-04-2019 10:29 AM
Opened a ticket with Meraki last week.  Confirmed with them via packet captures that a client on the Guest wifi could talk to servers on the internal LAN.  Was able to telnet via port 53 to our DNS/AD servers. Definitely a bug in their setup.   Temporary fix was to add the explicit "deny any 192.168.0.0/16 any" to all of our WiFi networks that use Meraki NAT mode (Guest, mobile phones, scanners). ... View more

Re: Guest network allowed to ping local workstations?

by Duke_Nukem in Wireless LAN
‎10-28-2019 05:07 PM
1 Kudo
‎10-28-2019 05:07 PM
1 Kudo
Back from the dead again...   We recently had a Network Security Assessment done and the assessor informed us of the ability to see the internal/private LAN when on the Guest wifi network using nmap.  My settings are the same as the original poster - Deny any to the Local LAN.  AND the Captive Portal strength is set to Block all access until sign-on is complete.     They could see all machines on the local LAN and discover open ports/services.     This isn't the behavior I thought we had in place.  Not good.  Not happy. ... View more

Re: Meraki HTTPS traffic to SM clients increased dramatically

by Duke_Nukem in Mobile Device Management
‎06-28-2018 09:51 AM
‎06-28-2018 09:51 AM
The increased traffic ceased yesterday at 4 PM EDT and hasn't returned. ... View more

Re: Meraki System Manager has been really slow the last week or so

by Duke_Nukem in Mobile Device Management
‎06-28-2018 07:48 AM
‎06-28-2018 07:48 AM
We have seen a delay in setting up iPhones in the past week.  Maybe your issue and my issue are related.   https://community.meraki.com/t5/Endpoint-Management-Systems/Meraki-HTTPS-traffic-to-SM-clients-increased-dramatically/m-p/22500#M2523   ... View more

Meraki HTTPS traffic to SM clients increased dramatically

by Duke_Nukem in Mobile Device Management
‎06-28-2018 05:23 AM
‎06-28-2018 05:23 AM
We're using the legacy version of SM for around 375 Windows clients.  Around 6/19 the amount of traffic being downloaded by the SM endpoints increased dramatically.  In the past 9 days they have downloaded over 400 GB of data at just one of our locations.  Going to open a ticket, but wondering if others are seeing the same?     Thanks, ... View more
Labels:
  • Labels:
  • Monitoring

Re: Server 2016 & Windows 10 Radius login on SSID

by Duke_Nukem in Wireless LAN
‎10-26-2017 11:29 AM
‎10-26-2017 11:29 AM
When we transitioned over to Windows 10 we ran into an issue with Win10 machines not connecting to the hidden SSIDs.  They just wouldn't do it.  We had to broadcast the SSIDs for them to connect.  This was with a IAS setup on 2003 and then NPS on 2012 R2.  We're not on 2016 yet, so I can't help ya there. Some other things to check: - I assume you're using a group in AD, and putting machines into that?  Make sure your machine builder is adding them into that group. - Certificates - in your Network Policy on NPS, Constraints tab, Authentication Methods, PEAP - edit. Make sure your certificate is valid and not expired.  ... View more
Kudos from
User Count
MattMorg
Meraki Employee MattMorg
1
CharlesIsWorkin
CharlesIsWorkin
1
thomasthomsen
thomasthomsen
1
Roska
Roska
1
cmr
Kind of a big deal cmr
1
View All
Kudos given to
User Count
PhilipDAth
Kind of a big deal PhilipDAth
2
View All
My Top Kudoed Posts
Subject Kudos Views

Re: AnyConnect VPN support for MX devices

Security / SD-WAN
2 44693

Re: [Important Notice] Meraki SM Legacy and Free 100 Retirement

Mobile Device Management
1 315

Re: Client VPN Error After January Windows Updates

Security / SD-WAN
1 99753

Re: AnyConnect VPN support for MX devices

Security / SD-WAN
1 44548

Re: Guest network allowed to ping local workstations?

Wireless LAN
1 17374
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Cookies
  • Terms of Use
© 2023 Meraki