Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About big-net
big-net
Getting noticed
Member since May 29, 2020
Aug 13 2021
Community Record
20
Posts
4
Kudos
0
Solutions
Badges
Aug 5 2021
6:38 AM
Hello, we would like to use the content filtering. For this we would like to work with group policies. We are currently looking for a way to prohibit individual clients from accessing the Internet. Unfortunately, the "block list" is not a solution, as internal access is also blocked here. Therefore we have defined a group policy "block all" with a catch-all (*). However, access to internal websites is also blocked here (e.g. via VPN). We are looking for a solution to block internet access for individual clients, although access to internal web services should still be possible. This is our current setup: all clients are wired. We are using site-to-site vpn. We have a layer 3 switch behind the MX. The clients are connected to the Layer 3 switch. The MX has a static route to the subnet on the switch. 1. - some clients are allowed to access the internet directly, works with a firewall rule 2. - some clients are allowed to access the internet via a proxy server (squid proxy), which also does the content filtering 3. - all other clients are not able to access the internet Now we want to use the content filtering of the MX. The clients from point 1 and 2 should go directly to the internet, content filtering does the MX with a default set. To implement this, the firewall rule from point 1 is changed, so that the entire subnet is allowed to access the internet. Now i need a solution, how to block the clients which are not allowed to access the internet. I am grateful for any help Thanks Oliver
... View more
Aug 2 2021
10:43 AM
I solved it by changing the client tracking from mac address to ip address.
... View more
Jul 6 2021
1:21 PM
I removed the bypass. Now the setup is: Internet -> MS120 -> MX250 -> Core ----------------> All clients who were behind the switch before are now gone. So I still can't use the policie.
... View more
Jun 30 2021
2:35 AM
Yes, I know. The clients use the mx as their default gateway. I checked this.
... View more
Jun 29 2021
4:43 AM
Yes, this is our setup. No, there is no bypass. The traffic flows through the MX250, checked with trace route. The firewall rules are also working. But your are right, once die MS120 is connected direct to the core and once through the MX250. Let me explain why we did that. We have a range of public IP's from our ISP. In order for the MS120 to be able to access the Internet, we would have had to offer a public IP. Because there is no free public IP, we connected the MS120 to our core-switch. The public subnet and the link to the core on the MS120 are seperated in 2 VLAN's. The subnet on the core is allowed to access the internet. A think the topology detection is the problem. The direct connection must be ignored. Only the connection to MX250 must be visible.
... View more
Jun 29 2021
3:32 AM
Hello, last year we introduced a new meraki environment. Everything works fine. Now we would like to activate the content filtering. The Active Directory connection is set up and group policies have also been configured. However, I cannot whitelist some clients. I have a guess what the problem is: A MS120 is connected to the router of our provider. Our MX250 cluster is attached to the MS120. The MX250 is connected to our core switch, a Dell S4048T-ON. So that the MS120 can access the internet to connect to the Meraki Cloud, the MS120 is connected to the Core via a separate VLAN. The subnet on the core is allowed to connect to the internet. Because the MS120 is connected to the core, the topology shows that all clients are behind the MS120. The Clients are also shown as offline / disconnected. Thats wrong. The right way would be Core, MX250, MS120. For all affected clients, the policy section is missing under network-wide/Clients. The subnets connected direct to the MX250 are not affected by the problem. How can I fix this? I am grateful for any help. Thanks, Oliver
... View more
Jul 15 2020
12:18 PM
Hallo, i have found the following statement about a UDP timeout: https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/VoIP_on_Cisco_Meraki%3A_F.A.Q._and_Troubleshooting_Tips The MX does have a simple UDP timer function, which will drop a traffic flow after an extended period of inactivity. This timer cannot currently be changed. However, a timeout would require both peers to be completely silent for an extended period of time in order to take effect. UDP communication between peers on an active call, for example, is highly unlikely to be dropped due to a timeout. is this may be causing the error?
... View more
Jul 14 2020
11:41 PM
No not yet. Since I don't know when the effect will occur, I would have to run the wireshark permanently. i think there is a huge trace file in the end
... View more
Jul 14 2020
2:57 PM
Yes, but with our old Cisco ASA everything works fine. The Problem starts since we switched to Meraki. Nothing has changed on the PBX
... View more
Jul 14 2020
1:25 PM
Thanks for your reply. Where can i find this option? We have a MX250.
... View more
Jul 14 2020
12:36 PM
Hello, since we switched to cisco meraki we have had a problem with our sip-trunk. Inside our network we have a pbx which set up the sip trunk to our provider. Mainly at night, if not so much is called the problem appears. The registration of the sip trunk possibly get lost. when the PBX registers again with the provider, everything works fine. Whats the problem? Any help is appreciated thanks Oliver
... View more
Jun 3 2020
12:21 AM
2 Kudos
Finally, it was a problem with our internet provider. Everythings works fine now.
... View more
Jun 1 2020
2:26 PM
the problem also appears when i'm pinging from one mx direct to the other mx about the tools section. So the problem can't be at the server site.
... View more
Jun 1 2020
2:10 PM
But with our old Cisco VPN Routers everything works fine. Two weeks ago we setup the meraki environment. Everything works fine thince thursday last week. And possibly the problem appears? Thats what i dont understand
... View more
Jun 1 2020
1:23 PM
Yes, That is an idea we also had but with all Servers? It doesnt matter if smb, http or rdp. everything is Slow thanks
... View more
Jun 1 2020
1:17 PM
Hi, no, there Is no SD-WAN policy or traffic shaping enabled on Site A. thanks
... View more
May 31 2020
4:13 AM
Hallo, we've setup a new meraki envirenment. Site A: MX250, working as Hub Site B: MX250, working as Spoke Site C: MX65, working as Spoke vpn between Site A an Site C is working fine. vpn between Site A and Site B has a problem: the direction from Site B to Site A is working fine, but the direction from Site A to Site B not. For example, if we copy a file from Site B to Site A it is working. But if we copy a file from Site A to Site B it does not work or is extremly slow. in general the connection from Site A to Site B is very bad. We have checked all internet connections on every site, everything is ok. Also client vpn on Site A and Site B is working fine. We have deleted all rules on the site to site firewall. Also the networks are routed through the vpn. But it is not working. Has anybody an idea whats the problem? Any help is appreciated. Thanks a lot. Oliver
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 2 | 1042 | |
| 2 | 3515 |
© 2024 Cisco Systems, Inc.
