I think you need to make a route to the subnet you are trying to make a rule for. If the subnet doesn't exist anywhere in the meraki I don't think they let you make it. ... View more

Also of note here is the IP address option is ghosted out for some reason ... View more

@Ryan_Miles I did change it, we're on the cusp of a code upgrade. I think it's supposed to happen this weekend. The environment is Meraki top to bottom, so it's AP's, switches, and FW's all meraki. I have client tracking set to "Unique Client Identifier" but it has a little "Beta" text next to it. It doesn't seem to work really well so far. I have a lot of client tracking problems where the clients are showing discovered on switch uplink ports instead of their wired port in a stack downstream. I also see the issue in the original post a lot.  ... View more

The windows VPN method is plagued with constant problems. Just when you think you have it right, Microsoft changes something or an update resets your settings and breaks it. as @cwal21 mentions Anyconnect is now available for Meraki, switch to that. You have many more options for managing the VPN well, and most people are familiar with anyconnect from a user standpoint. Update the code on your MX's and give it a try, if you don't have a ton of users the anyconnect licensing isn't too bad price wise. ... View more

Well I think you get credit for answering your own question! ... View more

I found this too, but I think that this method is only valid on ASA's. There doesn't appear to be a way in Meraki to edit these message ID's or the catalog on the Meraki MX platform. ... View more

I've had this problem with a bunch of customers. When Microsoft updates the built in windows VPN components it resets some parameters and breaks the VPN. Start looking at switching to AnyConnect instead, works much better. The licensing is not huge money either. ... View more

Hi Guys,   I think I'm running into this too. Big disclaimer here, I'm no expert on programming, so excuse the crudeness if I'm doing something wrong here. I am working on a script that will allow me to specify a site to clone the content filtering rules. I just made the same script for the L7 rules and it worked perfectly. This one is not working so well. Below is the script I'm using right now. I'm just trying to collect the content filtering rules, which comes in as a hashtable of hashtables I believe. I am then converting it to a JSON, which I thought turned it into a string.   When I try to run the single Invoke-RestMethod, at the bottom, to put the JSON rules at another site I get an Error (400) Bad Request. I used the Streamer method to try to troubleshoot. That tells me the following    {Each element in 'blockedUrlCategories' must be a string}   I can't understand why that would be the case. If I do a GetType() on my $json it shows that name is string but the basetype is system.object. I'm not sure what I'm missing here. Do I have to do something to the JSON data to change it to a string?   IsPublic      IsSerial         Name         BaseType --------           --------          ----                 -------- True           True              String         System.Object       #create header with API key Write-host "Creating API Key Header" $header_org = @{ "X-Cisco-Meraki-API-Key" = $api_key "Content-Type" = 'application/json' } ####################################################### # Get list of all the network ID's in the org ################################################## #create meraki uri to list the networks in the org $MerakiUri = $baseuri + "/organizations/$org_id/networks" #execute rest call Write-host "Collecting all network ID's in the organization" $networklist = Invoke-RestMethod -Method Get -Uri $MerakiUri -Headers $header_org #create empty array to store network ID's for each site $networkArray = $null $networkArray = @() #put networks into an array using the list we got from the REST API call foreach($network in $networklist){ $networkArray = [array]($networkArray + $network.id | where-object{$_ -notlike "$network_id"}) } ############################################################### # Get the L7 geoblocking countries out of site we are cloning # ############################################################### #create merakiuri to list the L7 rules in the network $MerakiUri = $baseuri + "/networks/$network_id/contentFiltering" #execute rest call to get the config for the site to clone write-host "Collecting Content Filtering FW rules from $network_id" $tempcontentrules = Invoke-RestMethod -Method Get -Uri $MerakiUri -Headers $header_org #drop the name property from the blockedurlcategories. Found this in the forums to resolve error wtih API put $tempcontentrules.blockedUrlCategories = $tempcontentrules.blockedUrlCategories | Select-Object -Property * -ExcludeProperty 'name' #convert rules to json format Write-host "converting rules into JSON format" $contentrules_json = ConvertTo-Json -Depth 100 -InputObject $tempcontentrules ############################################################### # Put the content filters onto the rest of the sites # ############################################################### foreach ($each_network_id in $networkArray){ #create URI for contentfiltering rule put $content_uri = $baseuri + "/networks/$each_network_id/contentFiltering" #add rule write-host "Creating content rules for network $each_network_id" Invoke-RestMethod -Method Put -Uri $content_uri -MaximumRedirection 0 -Headers $header_org -Body $contentrules_json }   ... View more