Community Record
34
Posts
4
Kudos
0
Solutions
Badges
Apr 18 2018
5:29 PM
@PhilipDAth wrote: Did you know you can specify a prefix instead of an individual IP address in NPS? For example, you can use 192.168.0.0/16 to represent a huge number of access points - with a single client entry. The certificate based authentication is tested and works, however I'd rather not go with a generic /16 definition as a source. Furthermore, there is an additional SSID that authenticates in NPS servers that I don't manage and pass through firewalls that I also don't manage (merged companies). From a security compliance perspective, there's no way that a /16 definition would be accepted.
... View more
Apr 17 2018
10:47 PM
I have a network consisting of a few sites connected through VPN (Hub/Spoke) with several access points and I want to provide certificate based authentication for a specific SSID through the NPS server. Having to configure several IPs as a source on the NPS server is quite time consuming, enabling the Meraki's RADIUS proxy and exposing the server to the internet is definitely not the best option and using a Wireless Concentrator and driving all of the wireless traffic to a single point would result in a non-optimal bandwidth utilization. Is there any way, or any plans to implement a way of using a single source for all those RADIUS requests? The ability of configuring one of the MX devices as a RADIUS proxy would be a nice feature
... View more
Jan 24 2018
3:33 PM
@s4mmy wrote: Just something on this, we have about 180 Sierra Wireless AirCard 320U working fine with MX64's. You just need to make sure you have the firmware up to date, and turn off the autologon feature using the watcher on a PC. I second to that. I haven't tried MX64, but I've used AirCard 320U on MX100 (MX 13.28) with a Telstra SIM, without any issues.
... View more
Jan 21 2018
3:01 PM
1 Kudo
@MilesMeraki wrote: I had this on-going problem with one of our MX's. I opened a support case and Meraki support advised that this problem normally arises when the MX is having problems connecting to one of the registries. They manually changed the registry which ours connected to and I then stopped seeing these events in our event log. I'd advise contacting support so they can do the same for you. I see. I assume that the vpn registries that are currently assigned are not optimal. Thanks, I will contact the support about that
... View more
Jan 18 2018
6:38 PM
@PhilipDAth wrote: It has no effect at all on established tunnels. And usually, it has no affect on forming new tunnels as long as nothing has changed its IP address or port. Thanks PhilipDAth
... View more
Jan 18 2018
5:43 PM
2 Kudos
I keep seeing log messages like: Jan 19 11:15:46 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: true Jan 19 11:15:23 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: false Jan 19 11:14:29 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: true Jan 19 11:14:16 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: false Jan 19 10:48:27 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: true Jan 19 10:48:00 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: false Jan 19 10:46:56 HUB-MAST VPN registry connectivity change vpn_type: site-to-site, connectivity: true and on the VPN status: VPN Registry: Partially connected. This security appliance is able to connect to at least one VPN registry using outbound UDP port 9350. or MX is unable to reach VPN registry So my question is, does temporarily loosing connectivity to the VPN Registry affect the tunnels that have already been established, in any way?
... View more
Jan 7 2018
7:08 PM
@PhilipDAth it looks like it had something to do with the flow preferences. If configured for using WAN1 and failover if "poor performance" it wouldn't let the traffic to pass through. As soon as I removed the flow preferences, I was able to access everything. Looks like it was trying to failover to WAN2, ignoring the cellular interface and the fact that WAN2 interface was also down. I am still working on the details
... View more
Jan 7 2018
3:10 PM
I use one MX100 as a Spoke VPN client, with 2x WAN links and a Cellular backup (AirCard 320U), which is configured with 4 VLANs. When it failovers to Cellular, I can ping everything from/to that remote site by using the IP, including devices and hosts on the local subnet and remote servers, however I have issues accessing anything to the internet or remote resources from the users' VLAN, or resolving anything using DNS. My first thought was that it might be a firewall related issue, however the access rules over the Cellular failover rules is permit Any Any (no changes in that field). One of the VLANs that is used for generic Guest Internet access and is not advertised over the VPN, has no issues accesing the internet. Any thoughts on what might be the issue?
... View more
Dec 28 2017
6:00 PM
How did you get that screen with all of those statistics? If I go to Organisation > VPN status I can only see statistics for latency and usage
... View more
Dec 28 2017
5:36 PM
I suspected that this would be the case.Thanks for confirming that PhilipDath. Communicating through DC/hubs will work for my case
... View more
Dec 28 2017
3:58 PM
How does the autoVPN works on the Meraki devices? Lets say that we have 50 sites using SD-WAN meshed/any to any VPN topology (2x WAN links for each site). Does each site establish tunnels with all of the other sites, regardless of whether there's actual traffic going through those tunnels? Or does it auto establish tunnels when there's actual need for traffic to pass from one specific site to another one and drops the tunnel after an x amount of time that the tunnel is idle? A branch office for example, would be required to be able to communicate mainly with 3x datacenters and occasionally with a couple more branch offices. Would it still be required to use the MX450 that would be able to handle 4900 VPN tunnels?
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 43915 | |
| 1 | 43860 |
