Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Foxo
Foxo
Here to help
Member since Jul 1, 2020
Nov 15 2022
Community Record
10
Posts
2
Kudos
0
Solutions
Badges
May 4 2021
7:13 PM
One of the "cloud" providers is not a major cloud provider but an application cloud provider and appears to be extremely adverse to allowing us to get them to S2S with another site over "security concerns". We don't have a lot of room to argue with them.
... View more
May 4 2021
2:56 PM
Philip - that is correct, we are the B site. I was afraid that would be the answer 😅 Unfortunately we have no control over the entities on the other ends (both quasi-cloud providers) and couldn't deploy a Z3. One of them does not want to allow a direct connection despite already connecting to us. We might have found a non-VPN workaround to this issue that appeases both parties, but need to keep all the options open. I like the sound of the StrongSwan VPN but I'm sure that is complicated. Does it require a static IP? Do you do consulting? (half serious - if it came down to it we might need to do this) Bruce, like Philip said - it looks like the Meraki can't pass traffic between two S2S VPNs. I am not familiar enough with these aspects of networking, but it's a bummer! I have read that you can buy another appliance to accomplish this behind the Meraki, but it is not super clear to me how that would end up actually functioning with the Meraki and I don't want to over-promise my company on what can be done. Your guidance is appreciated!
... View more
May 4 2021
6:29 AM
I have an unusual case where I want a new non-meraki S2S VPN peer to be able to talk to another non-meraki S2S VPN peer on our network. For various reasons we are not able to bridge the two non-meraki peers directly and they can only bridge via our network. We basically want to set something like this up - https://community.cisco.com/t5/security-documents/routing-traffic-between-two-site-to-site-vpn-tunnels/ta-p/3145351 I'm trying to figure out how this can be accomplished in the year of 2021. Seems this could go two ways... Bridge inside of MX device - now that Meraki supports IKE2 route-based VPNs (after a FW update...) I am curious if this can be accomplished entirely within the Meraki appliances now. Add an extra device - it seems I could purchase a third device (another Meraki, an EdgeRouter, something), connect one of the S2S VPN to that, and then setup a route between the MX and the 3rd party device to make this happen? Can anybody help me better understand these concepts and how I could possibly accomplish them? I'm a bit out of my depth and on a time crunch, of course. Environment: Two MX100s setup in HA, two dedicated fiber lines, I *may* have spare IPs on each line... let's assume I do for now for option 2. The existing S2S VPN uses IKE1, while the other VPN supports IKE2, it seems they prefer IKE2 route based policy.
... View more
Feb 12 2021
2:21 PM
1 Kudo
Oh, and as an FYI - in ConnectWise Automate Backstage and Automate script - it works because the tool runs as NT AUTHORITY\SYSTEM. We currently have access to this tool. Any tool that runs as that service account will work fine. Getting it scripted when you have an environment with minimal automation tools is tough.
... View more
Feb 12 2021
2:20 PM
1 Kudo
First @PhilipDAth thanks for the update! It is working pretty well. still working on a good way to script it to run as system via PowerShell with our tools. @Duke_Nukem - You need to specifically run it under NT AUTHORITY\SYSTEM. An easy but hacky way to do this is with PsExec.exe Copy PsExec.exe to the target computer In an administrative powershell, run the following command. This will not work in a standard admin powershell. ./PsExec.exe -s -i -accepteula powershell.exe In the new PowerShell window, paste the script contents. This windows is running as NT SYSTEM\AUTHORITY and not local admin https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
... View more
Dec 21 2020
12:33 PM
Did you publish those changes to https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html or a public GitHub repository? This would be incredibly helpful... I've been trying to test grabbing all SIDs using wmic and feeding that into a loop but I'm getting some weird behaviors.
... View more
Dec 21 2020
6:12 AM
I'm no PowerShell expert but I've been looking into how to work around this - This old thread seems to have a solution - https://github.com/MicrosoftDocs/windowsserverdocs/issues/580 It says if you run the script as NT AUTHORITY\Local System you can pass the SID of the currently logged in user, so the user does not need to be a local admin to install the script. However the script itself needs to be run as Local System, which the thread suggests doing as a Scheduled Task in Windows. I'm not a huge fan of trying to configure a one-off Scheduled Task and I imagine you could also have a script that just asks for the targeted username and translates that into an SID, or recursively installs for every SID present on the device. Perhaps the latter makes more sense. If I make any progress on modifying your script to support this I'd be happy to pass it onto you - but you might be faster at making this change than myself.
... View more
Dec 18 2020
11:42 AM
Don't want to derail this thread too much - but I just setup a fleet of 20H2 devices (some upgraded, some fresh installs) and I am still seeing an issue where the script does not apply to all users-just the admin user the script is run as. Non-admin users cannot run the script. I am running the script in an elevated PowerShell session.
... View more
Dec 11 2020
7:58 AM
I will second the issues on not showing up for all users in Windows version 2004. We have quite a few computers where this script will work on some and on some it will give a "General error with no specific details has occurred" or it will only show up for the admin account that ran the script and not regular users - identical script. For those that the script successfully installs, it works perfectly.
... View more
Are you still having this issue and have you done anything to resolve it? We have some Intermec/Honeywell scanners + ARM based devices and an update to 26.6.1 appears to be causing a similar issue - loss of WiFi signal, RDP connections freezing and disconnecting, and high latency. We're considering rolling the firmware backwards as a temporary fix since it is impacting our business.
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 9045 | |
| 1 | 9047 |
© 2024 Cisco Systems, Inc.
