Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About CMTech1
CMTech1
Getting noticed
Member since Dec 6, 2017
10-13-2022
Community Record
30
Posts
9
Kudos
0
Solutions
Badges
08-23-2022
01:58 PM
2 Kudos
Hi, Ran across your question and figured I'd mention we found a fix for our Meraki/Cisco AnyConnect flapping issues. Anyone using the Meraki Cisco AnyConnect issue where it bounces a few times after initially connecting should ask Meraki support to review the VPN Client MTU's. We had them adjust the MTU's for this and no further issues with users now either. Due note, this was with our vMX VPN client in Azure that had this issue since the on-prem MX's were fine. Hope this helps....Cheers!
... View more
08-23-2022
01:50 PM
Due to the confidential info related to our company I really can't provide the ticket number, however as I mentioned, call Meraki and mention exactly what I stated. It took me calling and working with five different techs until one was like yeah, I know how to fix that and thankfully did. The tech was Patrick Baah and below is an except of the message when he updated the second registration; Hi xxxx, I have updated the second registry. Good to see the improved state of the registry connection. I'm glad I could assist. If there are ever any questions or concerns that you have please do not hesitate to reach out to Meraki Support! Best, Patrick Baah Cisco Meraki Technical Support
... View more
08-23-2022
01:03 PM
Meraki has a fix for this. It's related to their auto VPN tunnel connections. They change one of the two registration connections to the new systems first, then let it run for a couple days and then do the other one and viola! Call them up and say you have issues with the S2S VPN with constant packet drops and request review of the VPN registration. Once they changed, no more issues. Side note....Anyone using the Meraki Cisco AnyConnect and have the same issue where it drops a few times after initially connecting ask support to review the VPN Client MTU's. We had them adjust the MTU's for this and no further issues with users now either.
... View more
03-01-2022
12:36 PM
1 Kudo
Seems v16.16 has resolved this issue so thanks for the update!
... View more
02-23-2022
12:42 PM
Hi @BaronCSE, yes we have it set to either of three choices based on user requirements, Text, MS APP or Token. Thankfully only have a few that wanted the Token, but still easy to setup. As far as you're question, under Azure AD/Security/Authentication Methods is where you create the policy. I manage the policies via AD Groups. Users have the option to use multiple such as Text and MS APP in case they require one or the other.
... View more
01-21-2022
01:48 PM
Depends on your particular circumstances and requirements right? In our case DUO would have required another system to manage (broker) where as we don't need in Azure. Also, I'm saving $$$$ since our subscription already comes with MFA (P1/P2) so essentially saving money really.
... View more
01-21-2022
01:32 PM
@CptnCrnch, we did demo several 2FA/MFA's (Duo one of them) and found Azure more cost effective and easier to manage given our current Azure footprint along with our other system requirements. I'm sure Duo will mature with Cisco owning since 2018 and might be a worth looking at again in the future, but for now......We're happy with Azure 🙂
... View more
01-21-2022
12:31 PM
Hi, We're beta testing the the Cisco AnyConnect VPN Client at two sites (MX & vMX) and noticed we're unable to identify the user name and/or device under Networkwide/Clients like we can with the current native Win10 VPN client. We use this often to audit or even just identify a user we're trying to assist. Normally we see the computer name and the actual user name, however with AnyConnect we get random MAC's and encrypted type user names. SEE PIC. Anyone else seeing this or have any suggestions? Thanks, Mark
... View more
01-21-2022
07:38 AM
Hi, We are currently in beta with the Cisco Anyconnect for Meraki and currently have our Azure MFA integrated and working. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension Cheers!
... View more
10-19-2021
12:50 PM
@Agio-Networks; As of today we're still seeing the random drops. We see the issue to the three locations we have, US East 2, US West and UK South so if I had to point a finger, though really don't want to, I'd say it's a Meraki issue. Anyway, we have an open/ongoing case with Meraki and the most recent change they made (we don't have access to do) was change the default MTU from 1500 to 1420 to allow more room for the Auto VPN header is what they stated. However, at this time after another week of monitoring it seems we are still dropping random packets so that didn't resolve the issue and have to reply back with the bad news. If I ever do get a resolve, I'll be sure to post it here. Just surprised others haven't seen this in their network monitors.
... View more
07-21-2021
06:52 PM
I know this an an old thread, but looking around this is exactly my issue and its July 2021 and still don't see any definitive answers. I'd hate to have to tear down this vMX and set back up, but before I do, just seeing if anyone here in 2021 had and/or having this issue and if any resolve? I have two vMX's (Mediums) for two different regions running about five to ten VM's in Azure connecting as hubs since requirement to have multi-site connectivity for RD's and such. Anyway, on vMX in UK works fine and no issues, the other one here in US on east coast has same issue with dropped packets as described here. I know it's the vMX, if I PSPing to multiple IP's both Public and Private I lose the packets at the vMX IP and all servers behind that which show same time packet lose as I worked my way back out from the vnet subnets yet no drops on the MS Public IP.
... View more
05-26-2021
12:38 PM
Hi All, I found the cause, but not the root cause/reason and have to contact our A/V-Malware security vendor. Even though this laptop has the same security policy as others something was causing this particular laptop, and likely the other two we had, block all internet traffic. A thorough review of this particular laptop event logs and the security system (A/V-Malware) log files didn't show anything wrong on this device, nor do we have any definitive answers at this time. We have hundreds of other systems using the same exact security policy, same Win10 version and same updates applied so very strange. Hopefully the vendor can shed some light on this, but for now thanks to everyone that responded!
... View more
05-24-2021
04:53 AM
@ww I guess I could try a third MAC, however WiFi and LAN experience the same issue though can try possibly a USB Wireless or MAC spoofing as you mention.
... View more
05-24-2021
04:51 AM
@PhilipDAth, Yes, the laptop can be plugged into the LAN and/or WiFi and still doesn't work No policies are set against this device as validated during diag session with Meraki. Get's DHCP from local DC. No reservations and/or MAC deny filters shown. Yes, DNS works fine. Can even ping google.com, msn.com or whatever though when you launch the browsers either Chrome, IE or Edge they just don't load webpages.
... View more
05-21-2021
12:19 PM
Hi Think Tank! So the short of the long is this and we're a bit befuddled here. We have a full stack network so MX100 and a few MS225's so you know, but this isn't just this one site as now another site had same issue with laptop not connecting. Anyway, we had three laptops over the past four months that all the sudden are unable to access the internet. All three laptops are different models though all HP's (ProBook & EliteBook) with Win10 two with 1909 and one was 1803. We ran multiple malware and proxy scans from our Anti-Virus and Malware solution provider as well as other vendors with no issues. No same MS Updates are on all three, however we did roll back two updates that were within the week prior to the issue happening on two of them with no luck. We reviewed everything we could within Meraki dashboard and finally called Meraki support. Funny thing is they were puzzled too after working with one laptop for a couple hours trying to figure out the issue while reviewing packet and live connection. If I take the laptop and connect to our backup network or used remotely outside the offices they work fine so we know it's not the laptops. I would think something blocking the MAC, but Meraki Support had no clue even when we moved the one laptop to our DevOps network and it worked fine. Again, nothing was changed as far as Meraki settings at either of these locations where it occurred and with Meraki not sure........well here I am asking the think tank!
... View more
01-07-2021
12:44 PM
3 Kudos
Lets not discuss last year, but start off the New Year with something positive. Currently implementing my first vMX in Azure as a test pilot in preparation for a on-premise virtual environment migration to Azure project while maintaining a Meraki mesh network sometime mid-2021! 🙂
... View more
08-13-2019
12:48 PM
1 Kudo
Streamline tasks and operations for improved efficiencies without losing focus on privacy and security.
... View more
07-30-2019
05:02 PM
1 Kudo
Seems to have been CDN issues as noted. ISP found root cause and have escalated for repair to international vendor edge/border Route. Thanks!
... View more
07-30-2019
05:00 PM
Solarwinds and various other manual tests via the firewall native tools.
... View more
07-30-2019
10:51 AM
That could very well be an ISP issue as you mentioned and where I'm going next with this if Meraki support unable to help further. I did have a similar issue with ISP where CDN was blocking port 500/4500 though entire VPN was down unlike this situation where it sorta works I guess 🙂
... View more
07-30-2019
05:58 AM
Correct, everything is green, s2s vpn connected correctly and can pass traffic between the two sites, just keep freezing up when multiple packets dropped. Firewall VPN rules are Open/Open and Enabled as they have always been. Allowed VPN VLAN's are still the same ones permitted to pass and technically are passing, just dropping major packets.
... View more
07-30-2019
05:56 AM
WAN from either side is solid as well as to any other WAN site. This is isolated issue to just the S2S VPN. Firewall rules on VPN is open and enabled in both directions. Just all the sudden started dropping packets when we came in on Monday and nothing nor any changes were done over weekend.
... View more
07-30-2019
05:29 AM
I have a strange issue I'm unable to locate and spent a couple hours with Meraki support only to ask we reboot the MX's, which we did with no resolution. Even changed S2S VPN from Hub to Spoke to Off and then back on with no resolve and finding it hard to track down actual root cause. Have (8) sites all with Meraki MX's and all are Hub to create a mesh network. Has been working this way for months without issue, however yesterday between two of the sites we have a 20-40% packet loss. It is only between these two sites that have been working perfectly since January and one site has MX100 while other has MX84 not that it should matter since same under the hood. What's interesting is both these sites can ping anything anywhere, WAN, LAN or any other S2S MX's without an issue. However, these two sites in question have issues pinging each other and we're having difficulty operating due to the issues since these two particular sites share many resources. The issue is present in both directions. Anyone experience similar?
... View more
11-01-2018
08:33 AM
Hi PhilipDAth. Thanks for the info, but not a network speed issue and seems to be a session layer issue. I just found the solution to be related to the site-to-site default setting needing to be set to corp office though not 100% sure why, however it works now.
... View more
11-01-2018
08:30 AM
Hi BlakeRichardson..........Thanks for the info though the change didn't help so rolled it back. However, after further testing today I found the issue though scratching my head. Since the site is considered a spoke and I'm the hub I set the corp office VPN as the default within the Site-to-Site and this system started to work again. Not sure why, but not looking the gift horse in the mouth 🙂
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 9399 | |
| 2 | 640 | |
| 1 | 417 | |
| 1 | 20391 | |
| 1 | 4974 |
