The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About CGRE
CGRE

CGRE

Here to help

Member since May 2, 2019

‎06-15-2022
Kudos from
User Count
SJB1
SJB1
1
JDomagala
JDomagala
1
PhilipDAth
Kind of a big deal PhilipDAth
1
View All
Kudos given to
User Count
JDomagala
JDomagala
1
PhilipDAth
Kind of a big deal PhilipDAth
2
Bruce
Bruce
1
View All

Community Record

16
Posts
3
Kudos
0
Solutions

Badges

ECMS1
ECMS2
CMNA
Meraki FIT Level One
First 5 Posts
Lift-Off View All
Latest Contributions by CGRE
  • Topics CGRE has Participated In
  • Latest Contributions by CGRE

Re: New MX 17.6 stable release candidate firmware - no longer a beta, many ...

by CGRE in Security / SD-WAN
‎04-21-2022 06:03 AM
‎04-21-2022 06:03 AM
Yes, you can do this from the dashboard UI easily under firmware if within so many days of the update, if past that just manually force the stable version firmware to the MX. ... View more

Re: New MX 17.6 stable release candidate firmware - no longer a beta, many ...

by CGRE in Security / SD-WAN
‎04-11-2022 07:00 AM
‎04-11-2022 07:00 AM
Further issue with another customer who was moved to 17.6 now, this time related to content filtering categories changing between Brightcloud and Talos systems, this is mentioned it can change but whats frustrating is I can find no documentation to show a matrix or difference between old Brightcloud and new Talos databases, we've had to roll back a customer due to them complaining of it causing them issues. ... View more

Re: New MX 17.6 stable release candidate firmware - no longer a beta, many ...

by CGRE in Security / SD-WAN
‎04-08-2022 06:26 AM
2 Kudos
‎04-08-2022 06:26 AM
2 Kudos
We've just seen issues with 17.6 on MX's with RADIUS based wifi authentiction, it broke the auth piece and we've had to roll back a load of sites as it caused client connection issues, we have a ticket logged on the issue. I do wish you could opt out of release candidate when on auto update to only get stable version code. ... View more

Re: Active directory integration with multiple AD domains?

by CGRE in Security / SD-WAN
‎12-01-2021 07:12 AM
‎12-01-2021 07:12 AM
Also I believe Meraki only still support NTLMv1 which is deemed old and no longer used (disabled) by modern Windows server OS, the documentation doesnt mention this but Meraki support advised it only supports v1 and there are no current plans for this to change unless anyone knows different? ... View more

Re: Active directory integration with multiple AD domains?

by CGRE in Security / SD-WAN
‎12-01-2021 04:21 AM
‎12-01-2021 04:21 AM
Unknown at this time, if they do have trusts between would this work, has anyone had this working on an environment like this? ... View more

Active directory integration with multiple AD domains?

by CGRE in Security / SD-WAN
‎12-01-2021 03:29 AM
‎12-01-2021 03:29 AM
I dont think this is possible but does anyone know if an MX will support AD integration with multiple AD domains, we have a customer with 6x domains and wants to use the AD integration piece on the MX's but on reading all of the documentation it does point to supporting a single AD domain not multiple? ... View more
Labels:
  • Labels:
  • Other

SNMP/ICMP to vMX in Azure

by CGRE in Security / SD-WAN
‎10-01-2021 06:55 AM
‎10-01-2021 06:55 AM
If you have a vMX in Azure is there a way to be able to ping/poll with ICMP/SNMP without a full IPSEC tunnel to the vMX?    With an MX you can enable SNMP and poll it from the public IP on a WAN interface, in Azure the public is assigned by Azure and the vMX appliance appears to be so locked down you cannot change anything on it nor assign an NSG to it to allow specific rules to it.   I also noticed the vMX has the SNMP configuration but in the firewall page doesnt have the same allow source networks section as the physical MX's do.   Has anyone found a way to allow these specific ports access on the public IP of the vMX in Azure, or is an IPSEC tunnel the only way (then poll the private IP of the vMX) ... View more
Labels:
  • Labels:
  • Azure

Re: IPSEC/Non Meraki VPN failover?

by CGRE in Security / SD-WAN
‎09-23-2021 08:19 AM
‎09-23-2021 08:19 AM
Thanks but I am only talking about IPSEC/Non Meraki VPN here not AutoVPN ... View more

IPSEC/Non Meraki VPN failover?

by CGRE in Security / SD-WAN
‎09-23-2021 07:47 AM
‎09-23-2021 07:47 AM
As I understand it IPSEC VPN on MX runs off whatever is set as the primary connection under shaping config, does it auto failover to the 2nd WAN port if the primary connection fails?   I note it has no source info detailed in config so would assume it can use the primary by default and then failover to WAN2 if WAN1 failed (in a scenario where WAN1 is primary)   Is that the case, am struggling to confirm this in Meraki docs about IPSEC. ... View more
Labels:
  • Labels:
  • 3rd Party VPN

Re: IPSEC on MX unreliable?

by CGRE in Security / SD-WAN
‎09-08-2021 10:10 AM
‎09-08-2021 10:10 AM
Ok on doing some more work on this it appears the MX IPSEC tunnels do not like it if they dont have constant traffic, not sure what the timeout is but if they have no traffic passing the tunnel drops and you need a ping or something similar to get the tunnel up and working again, they dont stay up on their own, we're seeing this on multiple MX models in different customer estates.   Does anyone know what the timeout is for the IPSEC drop out? ... View more

Re: Meraki and netflow with Solarwinds

by CGRE in Security / SD-WAN
‎08-24-2021 09:41 AM
‎08-24-2021 09:41 AM
On more than one occasion I've seen it come from a random VLAN number, not the highest or even the lowest number, have seen this for both syslog and netflow and proved on packet captures, have a ticket running on the issue. ... View more

Re: IPSEC on MX unreliable?

by CGRE in Security / SD-WAN
‎08-19-2021 07:31 AM
‎08-19-2021 07:31 AM
Hi,   This is all mainly Cisco ASA's running IKEv1 and v2 to an MX, can be physical or vMX we seem to get the same issues. Tunnels will drop out for no apparant reason and stop working, they need a lot of intervention to get them going again it seems, has been on IKE v1 and v2 and to different ASA's different IOS versions etc.   We dont use Fortinet kit so cant comment on those. ... View more

Re: IPSEC on MX unreliable?

by CGRE in Security / SD-WAN
‎08-19-2021 01:00 AM
‎08-19-2021 01:00 AM
Completely agree, using AutoVPN with Meraki kit is rock solid, no issues at all, its the non-Meraki VPN aka regular IPSEC which seems to be very flaky for some reason, have tried with different vendors (and ironically most vendor kit we have is actually Cisco routers and ASA's) they seem to drop for no real reason when AutoVPN is happy and continues to work (so doesnt point to circuit issues etc). I can feel a make a wish coming on. ... View more

IPSEC on MX unreliable?

by CGRE in Security / SD-WAN
‎08-18-2021 02:23 AM
‎08-18-2021 02:23 AM
We've a number of different types of MX's under management, from what we've seen IPSEC on the MX is not that reliable, it can often drop out and seems to need a constant traffic flow otherwise it will drop IPSEC tunnels, has anyone else experienced this and managed to resolve? ... View more

Re: Use a range from an ISP on an MX WAN interface which isnt in the same s...

by CGRE in Security / SD-WAN
‎05-21-2021 01:43 AM
1 Kudo
‎05-21-2021 01:43 AM
1 Kudo
thanks both, will try this and see if it works, didnt realise the MX would just cope with it and allow a NAT for subnets it doesnt have on an interface. ... View more

Use a range from an ISP on an MX WAN interface which isnt in the same subne...

by CGRE in Security / SD-WAN
‎05-20-2021 12:08 PM
‎05-20-2021 12:08 PM
We have a Meraki MX and an ASA, currently the ASA is happy with running the sets of public addressing (we can use both on the ASA) our ISP has issued.   The ISP has issued the below on a single access circuit (this is the secondary circuit, we already have a working circuit/range in WAN1 which is different) this is exactly how the ISP describes the public subnets we can use on this circuit. WAN Pool:- 212.161.19.200/29 LAN Pool :- 217.111.163.168/29   We can use 212.161.19.200/29 fine no issue on WAN2 however we have a requirement to use IP's in the 217.111 range issued on the same circuit but we cant seem to do this on the MX, on the ASA it appears to just route to the interface and works but I cant see a way to get this second range working on WAN2 on my MX, is it possible? It looks like so far as its not part of the same subnet it wont allow routing to it. ... View more
Kudos from
User Count
SJB1
SJB1
1
JDomagala
JDomagala
1
PhilipDAth
Kind of a big deal PhilipDAth
1
View All
Kudos given to
User Count
JDomagala
JDomagala
1
PhilipDAth
Kind of a big deal PhilipDAth
2
Bruce
Bruce
1
View All
My Top Kudoed Posts
Subject Kudos Views

Re: New MX 17.6 stable release candidate firmware - no longer a beta, many ...

Security / SD-WAN
2 3673

Re: Use a range from an ISP on an MX WAN interface which isnt in the same s...

Security / SD-WAN
1 932
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki