Meraki

Coupe2112 · ‎Nov 15 2022

Our department Christmas tree is made from old PC components (and a string of lights)!

Coupe2112 · ‎Sep 7 2022

+ us too

Coupe2112 · ‎Oct 31 2018

So I was finally able to get this working. Upon the suggestion of Meraki's support, I simplified the PSK for radius authentication between radius client and server by removing any non-alphanumeric characters. I made it extremely long to try to keep it secure (24 characters) but at least it's working now. It seems like a shortcoming to me but at the very least I think it should be documented to not use non-alphanumeric in that PSK. Anyway, there it is. Thanks for reading.

Coupe2112 · ‎Oct 29 2018

LOL This is the same thing Meraki support sent me to. I am using M$ NPS, I used the guide to configure it and I've reviewed the settings about a dozen times in the last two and half days. I appreciate the feedback because sometimes just talking it through leads to the 'A-HAH!' moment (and I definitely could have missed something). I'm looking for something a bit deeper than the basics though. I'm using radius authentication all over the place for access to my ASA firewalls, Cisco IOS and Nexus devices (with multiple levels of access), ASA and Firepower remote access vpns, and my open source IPAM server so I'm definitely familiar with configuring it. 🙂

Coupe2112 · ‎Oct 29 2018

Those are in the request, not the accept.

Coupe2112 · ‎Oct 29 2018

It is a domain account. Good call on adding the domain. I'll give that a shot. Yes, I am seeing an 'ACCESS_ACCEPT' message. I opened a ticket with Meraki support who said back end logs were showing authentication failure. Obviously that doesn't make a lot of sense given that radius is confirming the password. I've done a second capture on the MX lan port and confirmed that the MX is also receiving the 'ACCESS_ACCEPT' packet. UPDATE: I had been using my email account but I tested with 'username', 'public_domain\username', and 'private_domain\username' with no luck. In all three cases, the radius 'ACCESS_REQUEST' shows the correct value and radius completes the authentication.

Coupe2112 · ‎Oct 29 2018

I have configured a Client VPN on this MX device. When using Meraki Cloud authentication it works without issue. When I enable radius authentication it fails. I have performed a packet capture on the radius server and see successful authentication requests validating that radius is functioning correctly. This is failing for both an Android client (ver. 9 build PPR2.181005.003) and Windows10 Enterprise (ver. 1709 build 16299.611) Below are log entries. It looks to me like it's simply timing out. Oct 29 08:28:15 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established x.x.x.x[4500]-y.y.y.y[4500] spi:f7576fb374b0f3a5:75cfbc1463066f9b Oct 29 08:28:16 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->y.y.y.y[4500] spi=68336299(0x412baab) Oct 29 08:28:16 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->y.y.y.y[4500] spi=125451427(0x77a3ca3) Oct 29 08:28:21 Non-Meraki / Client VPN negotiation msg: purged IPsec-SA proto_id=ESP spi=125451427. Oct 29 08:28:21 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA expired x.x.x.x[4500]-y.y.y.y[4500] spi:f7576fb374b0f3a5:75cfbc1463066f9b Oct 29 08:28:21 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA deleted x.x.x.x[4500]-y.y.y.y[4500] spi:f7576fb374b0f3a5:75cfbc1463066f9b My confusion is why the different behavior going from cloud auth to radius when I can confirm that radius is working. Has anyone seen this before? Any suggestions?

Coupe2112 · ‎Mar 20 2018

My spring cleaning project began with a basement flood and ended with additional shelving, an organized workshop and a large box of water soaked cardboard heading to recycling...

Coupe2112 · ‎Dec 5 2017

I'm so happy to have received the email about the Community page! This is something I was asking about from the first when we decided to deploy Meraki. We're a fashion company with about 70 retail locations. Installing Meraki has been an absolute life saver as we get into the holiday season! -Coupe2112

Meraki

Community

About Coupe2112

Coupe2112

Community Record

Badges

Re: Reduce, Reuse, Recycle: a Gently Used Contest!

Re: Advanced Malware Protection (AMP) retrospect alert

Re: MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expi...

Re: MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expi...

Re: MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expi...

Re: MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expi...

MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expirati...

Re: It's the first day of spring! Share your spring cleaning pictures for a...

Re: Please introduce yourself

Re: MX64 Client VPN Cloud Auth Works - Radius Auth Fails with IPsec-SA expi...

Re: Reduce, Reuse, Recycle: a Gently Used Contest!

Re: It's the first day of spring! Share your spring cleaning pictures for a...

Re: Advanced Malware Protection (AMP) retrospect alert

Re: Please introduce yourself