- About rbnielsen
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
rbnielsen
Head in the Cloud
Member since Nov 29, 2017
Online
Community Record
261
Posts
155
Kudos
10
Solutions
Badges
Sunday
There really isn't any other place I can define the network security groups. There's there Resource Group shown above with the VM, Nic, Public IP and Disk, and then there is an RG with the Managed App, VNet and a Routetable.Finally, there is a NetworkWatcherRG in which I can't really do any changes. The 'mrg-cisco-meraki-vmx-XX' is the one that gets created when deploying the Meraki Managed App in Azure, and it seems to be Read Only, so I can't really modify its settings.
... View more
Sunday
Not much. Now.. This is a test setup, on a "Free Trial Version". Could it be that I'm not being allowed the full feature set?
... View more
Sunday
I can't find any NSGs. This is the only place I have, where I can choose Network Security Groups.
... View more
Sunday
Hm.. Do I need to create a Firewall in Azure, in the same resource group as the vMX? My vMX cam online and connected to the Dashboard without a Firewall in the first place.
... View more
Sunday
The only place I could choose Network Security Group, as under the Nic, of the Ressource Group, was a created after the managed app. And in the NSG, there are no rules, whatsoever.
... View more
Sunday
Do you know where I can edit does Firewall rules? Because I can't see them anywhere. 😕
... View more
Friday
I've also done a traceroute from my own mac. It seems that it ends somewhere in Microsoft Azure rbnielsen@The-Gibson ~ % traceroute 52.146.154.95 traceroute to 52.146.154.95 (52.146.154.95), 64 hops max, 52 byte packets 1 192.168.2.1 (192.168.2.1) 4.767 ms 2.304 ms 2.222 ms 2 192.168.1.1 (192.168.1.1) 3.875 ms 2.720 ms 3.169 ms 3 lo0-0.vsk2nqe30.dk.ip.tdc.net (2.106.92.193) 8.201 ms 8.336 ms 8.652 ms 4 ae2-0.fhnqe11.dk.ip.tdc.net (83.88.16.207) 9.542 ms 8.354 ms 9.115 ms 5 ae1-0.alb2nqp8.dk.ip.tdc.net (83.88.19.119) 22.806 ms 16.014 ms * 6 104.44.37.83 (104.44.37.83) 18.571 ms 16.465 ms 25.737 ms 7 ae24-0.ear01.ham30.ntwk.msn.net (104.44.24.21) 21.265 ms 21.480 ms 22.874 ms 8 be-21-0.ibr02.ham30.ntwk.msn.net (104.44.21.17) 44.815 ms be-20-0.ibr01.ham30.ntwk.msn.net (104.44.21.14) 45.915 ms be-21-0.ibr02.ham30.ntwk.msn.net (104.44.21.17) 44.947 ms 9 be-4-0.ibr06.ams06.ntwk.msn.net (104.44.16.131) 45.002 ms 45.383 ms 44.945 ms 10 be-6-0.ibr02.ams21.ntwk.msn.net (104.44.18.190) 45.524 ms 46.605 ms 45.491 ms 11 be-9-0.ibr02.dub08.ntwk.msn.net (104.44.19.214) 45.360 ms be-11-0.ibr02.lon24.ntwk.msn.net (104.44.16.2) 45.643 ms be-9-0.ibr01.lon24.ntwk.msn.net (104.44.18.144) 174.930 ms 12 ae122-0.icr02.dub08.ntwk.msn.net (104.44.11.82) 45.882 ms be-8-0.ibr02.dub08.ntwk.msn.net (104.44.17.90) 45.684 ms ae122-0.icr02.dub08.ntwk.msn.net (104.44.11.82) 45.110 ms 13 ae120-0.icr01.dub08.ntwk.msn.net (104.44.11.86) 59.649 ms * * 14 * * * ^C
... View more
a week ago
So I'm having som issues with enabling Client VPN on a vMX. I have enabled Client VPN on the vMX, like I've done many time before, double checked users and shared secret but I just can not seem to get the ClientVPN connected. My vMx is deployed and online and all green. However, I'm not able to ping the Public IP, but then again I'm not sure if I'm supposed to be able to ping a Public IP in Azure. I'm testing from my own Mac, and it seems like it can't reach my vMX or the Public IP, which I find odd. I've tried from Home WiFi and Mobile Hotspot. Log from my Mac: standard 08:26:41.543802+0100 racoon plogsetfile: about to add racoon log file: /var/log/racoon.log standard 08:26:41.548326+0100 racoon accepted connection on vpn control socket. standard 08:26:41.548367+0100 racoon received bind command on vpn control socket. standard 08:26:41.549439+0100 racoon New Phase 2 standard 08:26:41.549691+0100 racoon state changed to: IKEv1 quick I start standard 08:26:41.551206+0100 racoon Connecting. standard 08:26:41.551662+0100 racoon IPsec-SA request for 52.146.154.95 queued due to no Phase 1 found. standard 08:26:41.551690+0100 racoon New Phase 1 standard 08:26:41.551717+0100 racoon state changed to: IKEv1 ident I start standard 08:26:41.552022+0100 racoon initiate new phase 1 negotiation: 192.168.1.53[500]<=>52.146.154.95[500] standard 08:26:41.552161+0100 racoon begin Identity Protection mode. standard 08:26:41.552201+0100 racoon IPSec Phase 1 started (Initiated by me). standard 08:26:41.554889+0100 racoon Resend Phase 1 packet f465dd260cf2a981:0000000000000000 standard 08:26:41.554918+0100 racoon state changed to: IKEv1 ident I msg1 sent standard 08:26:41.554953+0100 racoon IKE Packet: transmit success. (Initiator, Main-Mode message 1). standard 08:26:41.554996+0100 racoon >>>>> phase change status = Phase 1 started by us standard 08:26:42.551901+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:43.651998+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:44.750392+0100 racoon IKE Packet: transmit success. (Phase 1 Retransmit). standard 08:26:44.750534+0100 racoon Resend Phase 1 packet f465dd260cf2a981:0000000000000000 standard 08:26:44.750612+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:45.849827+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:46.949911+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:47.826864+0100 racoon IKE Packet: transmit success. (Phase 1 Retransmit). standard 08:26:47.826919+0100 racoon Resend Phase 1 packet f465dd260cf2a981:0000000000000000 standard 08:26:48.049956+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:49.149791+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:50.249824+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:51.116931+0100 racoon IKE Packet: transmit success. (Phase 1 Retransmit). standard 08:26:51.116967+0100 racoon Resend Phase 1 packet f465dd260cf2a981:0000000000000000 standard 08:26:51.349793+0100 racoon CHKPH1THERE: no established ph1 handler found standard 08:26:51.561520+0100 racoon vpn_control socket closed by peer. standard 08:26:51.561544+0100 racoon received disconnect all command. standard 08:26:51.561578+0100 racoon IPSec disconnecting from server 52.146.154.95 standard 08:26:51.561608+0100 racoon in ike_session_purgephXbydstaddrwop... purging Phase 2 structures standard 08:26:51.561635+0100 racoon Phase 2 sa expired 192.168.1.53-52.146.154.95 standard 08:26:51.561657+0100 racoon state changed to: Phase 2 expired standard 08:26:51.561697+0100 racoon in ike_session_purgephXbydstaddrwop... purging Phase 1 and related Phase 2 structures standard 08:26:51.562447+0100 racoon IPsec-SA needs to be purged: ESP 192.168.1.53[0]->52.146.154.95[0] spi=1224736768(0x49000000) standard 08:26:51.562503+0100 racoon ISAKMP-SA expired 192.168.1.53[500]-52.146.154.95[500] spi:f465dd260cf2a981:0000000000000000 standard 08:26:51.562527+0100 racoon state changed to: Phase 1 expired standard 08:26:51.562550+0100 racoon no ph1bind replacement found. NULL ph1. standard 08:26:51.563059+0100 racoon vpncontrol_close_comm. From what I see is that the vMX is not even responding. This is also evident from tha fact that there a nothing the the Event Log, about Client VPN establishement. So I think(!) that there is a route missing from the Azure and into my MX, but I have no idea what that should be. My vMX can easily ping out. I can even ping my own public ip address at home. I have created a Route Table, which only contains 1 route, the ClientVPN subnet pointing to the IP address of the vMX I also have a VNet with the subnet of the vMX and ClientVPN, although I'm not certain this should be neccessary yet. Not untill I need to access services in Azure. Both the Vnet and RouteTable are in the same Ressource Group as the vMX Managed App. I did not allow the vMX Managed App to create VNets and Subnets. I did that on my own as well. I've tried setting the ClientVPN on my Mac to both Full Tunnel, and Split Tunne, to no avail. Looking at the NIC for the vMX VM, there are no NSGs applied, so that should be OK. Any ideas on what I'm doing wrong?
... View more
2 weeks ago
1 Kudo
What exactly do you mean, when you say you want to configure the wan port as trunk? The Internet port supports VLAN tagging, in such that you can assign a vlan to the interface, that is handling WAN traffic, and thus connect the MX to a trunk port. This can be set either via Remote Status page on the MX, or Security & SD-WAN -> Appliance Status -> Uplink, and hit the Edit button next to the WAN interface. You should see a VLAN field, where you can input the VLAN number. But you cannot have the MX, to grab a WAN IP from say vlan 10, and let vlan 20 passthrough the MX Internet port, for upstream LAN access. In such case, you'll have to short VLAN 20 around to a LAN port on the MX, with another physical cable.
... View more
3 weeks ago
Honestly I'm more interested in the question regarding failover times. 😉 The Meraki Documentation is unclear on the point, and I have yet to meet someone with a convincing argument.
... View more
10-25-2020
06:31 AM
Site formatting is also a bit weird, so You might want to run by all the pages. https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Profiles_and_Settings/Removing_Profiles_and_Apps_from_Managed_Devices#Permanent_Removal Viewing from Firefox 81.0.2 on MacOS Catalina 10.15.7,btw.
... View more
10-24-2020
10:52 AM
1 Kudo
Looking good! I understand that the search results are colored such that they can be distinguished, but using the same color as the background for every other search result, seems confusing to me. It makes me think that the search result is a sample text for the result above.
... View more
10-12-2020
09:39 PM
1 Kudo
I have been looking into this myself, and from what I can find those vpn services use certificate based vpn, which is not supported on Meraki (from what I have found). If it’s a feature you would like to see, use the Make A Wish button, speak with your local Meraki Rep
... View more
10-09-2020
12:04 AM
Whether it's a CCNA or CCNP, I can't tell. I was half way through my CCNP Wireless when they shook the bag. I didn't expect that level of detail wht the questions, bu then again I wasn't surprised. It was all something I remember we touched during ECMS2. But I did feel that there was a special focus on Meraki Insights and Systems Manager. I remember some of the questions that I think was the reason I failed the exam. Some understandable, and some weren't. In general, I hate questions on what port some specific segment of a technology communicates on, and if it's TCP or UDP..
... View more
10-08-2020
10:07 AM
1 Kudo
I did it yesterday, but unfortunately I was 47 points away. 😞
... View more
09-17-2020
10:50 AM
I'll go out in a limb here and say; if there's a SNORT rule for that CVE, then it's handled by AMP.
... View more
09-17-2020
09:01 AM
I find that bug with vlans kinda funny and intriguing as well.. It looks like it relates to some issue with not reading the VID field in the .1q tag. The vlan numbers all fit with 0x010, 0x020, 0x030, 0x040 and so on.
... View more
09-17-2020
03:07 AM
It shouldn't be neccessary to have a switchport at both ends. Create an SVI on the MS390, assign a port as access to that VLAN, and connect the VoIP router to said access port. You should be able to ping between the VoIP router and SVI.
... View more
09-17-2020
01:41 AM
There are no such thing as routed ports in Meraki. You'll have to create a VLAN on the MS390, and assign IPs to that. It is not possible to assign IP addresses to ports on Meraki. The only "routed port" there is, is the WAN uplink on the MX Security Appliance.
... View more
09-16-2020
11:34 AM
Why is it impossible to assign an IP address to your MS390? Create a new VLAN on the MX100 for Meraki Management, and either assign the Meraki switch an IP statically, or use DHCP on the Meraki Management VLAN.
... View more
09-09-2020
11:54 AM
I wonder if they are trying to ignore the missing NoNAT documentation. 😉 @CameronMoodyany news?
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 344 | 08-12-2020 11:48 PM | |
| 392 | 07-15-2020 07:29 AM | |
| 369 | 07-07-2020 09:17 AM | |
| 497 | 07-04-2020 01:37 AM | |
| 641 | 07-04-2020 01:24 AM | |
| 375 | 05-17-2020 10:25 AM | |
| 879 | 04-15-2020 05:59 AM | |
| 1656 | 06-21-2019 03:47 AM | |
| 824 | 05-01-2019 12:32 AM | |
| 3065 | 03-13-2019 04:06 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 11 | 26374 | |
| 7 | 4353 | |
| 7 | 3025 | |
| 7 | 12385 | |
| 6 | 824 |
