Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About DBlum
DBlum
Getting noticed
Member since Aug 7, 2019
3 weeks ago
Community Record
26
Posts
5
Kudos
0
Solutions
Badges
02-06-2023
03:45 PM
Has there been any update? We are still seeing issues and just put a new bldg up and of course half the clients are not working properly. Another weird issue we are experiencing with layer3 is that these devices are also getting apipa addresses and dhcp (going through switch) is not assigning proper ip's some oft the time.
... View more
01-23-2023
05:06 PM
We are going to try and problematic clients to 802.11n in settings of their devices for now.
... View more
01-18-2023
06:04 PM
2 Kudos
I checked some other sites running 28.6 and seeing excess frame loss for some clients that are disassociating. I did a little more digging and it seems to mostly affect 802.11ax and 802.11ac clients and havent seen it affecting 802.11n clients
... View more
01-18-2023
01:45 PM
We are also seeing issues with this on MR44, MR46 in various deployments and running 29.4.1
... View more
09-26-2021
10:37 AM
I 100% percent agree with us, how can a company such a Cisco be reliant on an outside third-party to provide security updates to their infrastructure and how it allows outside traffic to pass through their hardware to companies that pay for a “Cisco” service. What were to happen if this third-party was attacked and they changed the routing tables such as a ransomware or C2 site to somewhere inside the United States that was not being blocked.
... View more
09-24-2021
12:02 PM
1 Kudo
Can you let us know who your geolocation vendor is and see if they have a lookup tool?
... View more
09-24-2021
11:09 AM
I think based on the size log it would create there is no way for meraki to have something in the portal.
... View more
09-24-2021
11:08 AM
1 Kudo
I am just curious how it only affects a small subset of customers as well? Every single one of my clients (100's of sites, tens of thousands of users) were affected if Hong Kong was being blocked. I would assume every single end user that had Hong Kong blocked would be affected by this and hopefully this issue will now expedite anything could help notify us. It would almost be impossible for a geolocation log to be created for the vast size it would be for every single site. Thank you
... View more
08-06-2021
12:22 PM
Appliance updated to 16.9 and now end users are getting certificate is not secure issues and only way to work is selecting allow untrusted servers which is not really viable. Tried rolling back to previous version and still getting the error. GA for MX95 is 16x and per all documentation on AnyConnect it will no longer be beta when 16x is GA so I don't really have any options that I know of. Any thoughts on what can be done to dix?
... View more
Labels:
- Labels:
-
Client VPN
10-14-2020
11:32 AM
Having a weird issue where clients connecting to the SSID will randomly be switched to an access point on the other side of the building with drops the service. SSID is on the same VLAN and is configured to bridge mode and has band steering on and both access points have less than 10 clients connecting to them. Any thoughts on what could be causing this? Thank you
... View more
08-05-2020
07:05 PM
We are transitioning a microtik router to an MX84 and was wondering the proper config for the following: Two WAN Ports Route all traffic from one vlan (guestwifi - 192.168.4.x) to uplink 2 Route all regular traffic (192.168.1.x) to uplink 1
... View more
06-09-2020
04:36 PM
1 Kudo
We have the whole subnet as part of the VPN...the other side ended up opening up their policy (juniper we found out) and it is communicating now. Thank you again for your help
... View more
06-09-2020
01:05 PM
Would you recommend just taking the NAT out of the equation (ie the provider said we can change the internal server ip to address on current subnet) to allow connectivity? Thank you
... View more
06-09-2020
08:04 AM
We are having an issue where we had to replace an ASA5505 and before there was a site to site vpn and now with the current MX64 the connection is not working. Here was the config from the ASA for the VPN: name 1.2.3.4 Diag description Diag VPN access-list outside_1_cryptomap extended permit ip host 10.0.20.45 Diag 255.255.255.248 access-list inside_nat_static extended permit ip host LocalServer Diag 255.255.255.248 static (inside,outside) 10.0.20.45 access-list inside_nat_static crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set peer 4.5.6.7 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map 1 set security-association lifetime seconds 14400 crypto map outside_map 1 set security-association lifetime kilobytes 10000 crypto map outside_map interface outside crypto isakmp enable inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 tunnel-group 4.5.6.7 type ipsec-l2l tunnel-group 4.5.6.7 ipsec-attributes pre-shared-key xxxxx peer-id-validate nocheck isakmp keepalive disable Current Meraki Connection is set to Public IP 4.5.6.7 Private Subnet 10.0.20.45/29 IP SEC Policy PH1 - 3DES / SHA1 / DH2 / Timeout 14400 PH2 - 3DES / SHA1 / PFS off / Timeout 14400 Event log shows Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1). Non-Meraki / Client VPN negotiation msg: failed to get sainfo. Non-Meraki / Client VPN negotiation msg: initiate new phase 2 negotiation: Local_PublicIP[500]<=>4.5.6.7[500] Non-Meraki / Client VPN negotiation msg: IPsec-SA expired: ESP/Tunnel 4.5.6.7[500]->Local_PublicIP[500] spi=178891342(0xaa9acb0) Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1). Non-Meraki / Client VPN negotiation msg: failed to get sainfo. Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established Local_PublicIP[500]-4.5.6.7[500] spi:5407379688442cfd:315d9f4a0c478522 Non-Meraki / Client VPN negotiation msg: initiate new phase 2 negotiation: Local_PublicIP[500]<=>4.5.6.7[500] VPN registry connectivity change vpn_type: site-to-site, connectivity: true Non-Meraki / Client VPN negotiation msg: failed to pre-process ph2 packet (side: 1, status: 1). Non-Meraki / Client VPN negotiation msg: failed to get sainfo. Non-Meraki / Client VPN negotiation msg: IPsec-SA expired: ESP/Tunnel 4.5.6.7[500]->Local_PublicIP[500] spi=108337968(0x6751b30) Non-Meraki / Client VPN negotiation msg: pfkey DELETE failed: No such process Non-Meraki / Client VPN negotiation msg: ISAKMP-SA deleted Local_PublicIP[500]-4.5.6.7[500] spi:74f722074d7dc223:2e10212799bd830f Non-Meraki / Client VPN negotiation msg: purged ISAKMP-SA spi=74f722074d7dc223:2e10212799bd830f. Non-Meraki / Client VPN negotiation msg: purged IPsec-SA spi=0. Non-Meraki / Client VPN negotiation msg: Unknown IPsec-SA spi=0, hmmmm? Non-Meraki / Client VPN negotiation msg: purging ISAKMP-SA spi=74f722074d7dc223:2e10212799bd830f. Any thoughts? Thank you
... View more
05-22-2020
03:14 AM
So I think I found the issue but I cant explain it...I disabled the site to site vpn because there was a ton of UDP hits on it and as soon as I did that the speed is back to normal. The UDP hits is due to a testing apparatus at one office sending the data to the the main office. Is there any reason this high hit of UDP packets would cause this issue? Here is a sample of the packets (ip addresses have been modified): 1682 7.535586 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1683 7.535598 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1684 7.535624 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1685 7.536136 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1686 7.536139 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1687 7.536161 wsip-70-122-54-105 wsip-70-122-54-115 UDP 1466 46115 → 44916 Len=1424 1898 7.567805 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1899 7.567849 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1900 7.567898 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1901 7.568474 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88 1902 7.568530 wsip-98-127-52-205 wsip-70-122-54-105 UDP 130 44916 → 46115 Len=88
... View more
05-22-2020
02:41 AM
Yes, again it is the weirdest thing because the appliance at my home office is getting 200mb on dashboard and plugging in either third party router or laptop directly into cable modem at office gets the proper 100 down.
... View more
05-21-2020
07:29 PM
Wireshark will not allow me to obfuscate public ip's
... View more
05-21-2020
06:56 PM
Weird thing is I bring the device to my home office and use same cox broadbank and 200+ on throughput test
... View more
05-21-2020
06:53 PM
Nothing abnormal on packet capture, is there anything I should be looking for besides what you put? I tried disabling AMP and IPS and get the same speed drop. I can attach pcap if you think that will help? Thank you
... View more
05-21-2020
04:05 PM
We originally saw speed issues utilizing the MX67W where the throughput on a 100MB connection was at best 5MB/s. This is what we have tried so far: 1. We are on our fourth meraki mx67w that support keeps sending us and still have the issues 2. I have put a new cable modem in and still have the issues 3. I have disabled the wireless and still have the same issues 4. Replaced all network cables and tried with no devices connected and portal still shows 5mb/s 5. Plugging meraki mx into home network I get full connection speed If we plug in another router (netgear) we get the full 100mb connection. Meraki support has no clue and wondering if anyone else is experiencing similar issues or has any other suggestions.
... View more
01-04-2020
05:00 AM
We have a layer 7 filter to deny traffic to/from all countries except: Canada, France, Germany, Ireland, Netherlands, Sweden, Switzerland, UK, USA For some reason this is blocking the ability to goto office.com, we are able to go to other microsoft sites but was wondering if anyone knew what countries we should allow for traffic to flow? I have tried to whitelist the url as well as turning off AMP with no luck.
... View more
08-07-2019
06:32 PM
19 total cameras, cpu and ram show under 8%. Affects pretty much every camera. The synology rep had me update the surveillance station software to a new one that just came out with no luck.
... View more
08-07-2019
06:28 PM
We have the RS3617XS+ (maxed out ram and 1TB ssd cache) and have the fps at 10-12. We are running some Axis 180's and Hikvision 8MP Varifocals
... View more
08-07-2019
05:17 PM
We have all the ports setup as access ports based on a single VLAN for the network. A few of the cameras reside over a Ubiquiti CPE (which gets around 800mbps so speed is not an issue there) and that port is connected to the meraki as an access port as well. All the ports and devices have the same speed and duplex except for the nvr which is running at 10Gig on the uplink port. Thank you
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 13144 | |
| 1 | 22164 | |
| 1 | 23098 | |
| 1 | 2063 |
