Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About OVERKILL
OVERKILL
Building a reputation
Member since Jul 17, 2020
3 weeks ago
Community Record
134
Posts
71
Kudos
4
Solutions
Badges
Jul 4 2022
12:43 PM
2 Kudos
Perfect, so go into AnyConnect Settings and setup AnyConnect, then download and use that client instead. That prevents you from having to deal with Microsoft breaking things with updates, as you use the Cisco AnyConnect client instead.
... View more
Jul 4 2022
12:40 PM
2 Kudos
OK, but what model of MX are you running? For example, under Client VPN on my MX64, I see this: See the AnyConnect Settings tab?
... View more
Jul 4 2022
12:36 PM
Is the MX getting an external IP or is it getting an internal IP from the ISP's equipment?
... View more
Jul 4 2022
12:33 PM
2 Kudos
What MX are you running? It shows up on 16.xx release firmwares on supported devices automatically (or at least it is supposed to). You'll see it as a separate tab beside the client VPN tab on the dashboard.
... View more
Jul 4 2022
12:26 PM
2 Kudos
I know it's not a "fix", but have you tried just switching to AnyConnect?
... View more
May 20 2022
8:59 AM
I'm wondering if it has to do with the 13:38:08 entry with peer port 48571. If that is also not getting forwarded, I suspect traffic can't get through and the connection is dropped.
... View more
Apr 26 2022
1:10 PM
Yeah, think that started with XP, but server OS's typically won't block it (depending on the configuration).
... View more
Apr 26 2022
1:00 PM
Can you ping wired to wired? And as @ww noted, be sure the clients are allowing ICMP responses, Windows 10 blocks them by default.
... View more
Apr 26 2022
12:55 PM
Ahhh, OK, was wondering. I found the Windows client to be more of a pain than it was worth so as soon as I could switch sites to AnyConnect, I did. I expect you'll find the same.
... View more
Apr 22 2022
11:47 AM
Any reason you aren't using AnyConnect?
... View more
Apr 17 2022
8:42 PM
Two things: 1. Are you using the latest drivers straight from Intel? If not, might be worth a shot, to see if it makes a difference. 2. I assume you are using the Meraki Client VPN and not AnyConnect? Have you tried AnyConnect?
... View more
Apr 14 2022
12:40 PM
1 Kudo
Excellent. I'd have them check CPU usage, as clearly the replacement didn't solve the problem. I went through the same issue, they sent me a new unit, problem continued. I ended up noticing that the interface flaps were happening at the same time that AnyConnect was restarting. I changed the port and then the flaps stopped. When I pointed that out to support, they checked the CPU usage logs and saw that this coincided.
... View more
Apr 14 2022
12:34 PM
1 Kudo
Do you have any port forwards or anything exposed on the WAN side? I experienced this same issue (all the interfaces flapping) and in my case, it was the CPU spiking to 100%, which was causing a reset of the interfaces. In my case, it was AnyConnect that was getting hammered by bad actors, so I changed what port it was on, which solved the problem. Do you have a case open with support? They can check the CPU usage to see if that's the culprit.
... View more
Apr 14 2022
12:28 PM
1 Kudo
Site-to-site VPN or Client? As @ww noted, AutoVPN tends to work fine behind NAT/PAT for the most part. Obviously, if it is Client VPN, you'll need port forwards configured as the traffic will never hit the WAN interface of the MX otherwise. On your query about the smaller ISP, yes, if they obtain a block of routable public IP's and the firewall is able to use one of those, no port forwarding would be necessary.
... View more
Apr 8 2022
12:03 PM
Check the logs for "ethernet port carrier change" and see if it is just the WAN interface flapping or other ports too. This is what was happening on an MX84 I manage:
... View more
Apr 8 2022
11:57 AM
1 Kudo
Yes, that does indeed look disabled. See if the problem goes away with the new unit, if it doesn't, I'd investigate this angle more deeply. The flapping I experienced on an MX84 was all active interfaces and was related to AnyConnect getting hammered and not related to the device.
... View more
Apr 7 2022
12:00 PM
3 Kudos
The Aruba 2920 family also supports 802.3az, which is what is known to cause the flapping. Your ISP router may as well. See if you can disable it on the port that the MX is connected to.
... View more
Apr 5 2022
8:36 PM
1 Kudo
Yup, same here. I also used nslookup to run it against OpenDNS and it didn't block it either (I use CIRA on my home network).
... View more
Apr 5 2022
12:21 PM
No problem. As I posted above, both of those switches you are using definitely support 802.3az (EEE), so that's likely the problem. Anything from the Cisco 2960-S family doesn't: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-s-series-switches/data_sheet_c78-726680.html If you scroll down to standards, you'll see that 802.3az is not listed. Lots of them out there, I have a pile of them here.
... View more
Apr 5 2022
12:17 PM
Just checked the Netgear GS105 and it also supports EEE:
... View more
Apr 5 2022
12:14 PM
I just checked the SG110 and it supports EEE, so that may be your issue:
... View more
Apr 5 2022
12:06 PM
Do you have access to an older Cisco switch that for sure doesn't have EEE? I'm using a stack of 2960S's at a client and they definitely don't have it and they are rock solid.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 1628 | Apr 14 2022 12:28 PM | |
| 8332 | Apr 3 2022 10:49 AM | |
| 4420 | Mar 21 2022 3:24 PM | |
| 3332 | Jul 18 2021 8:54 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 6 | 1388 | |
| 4 | 6067 | |
| 3 | 1088 | |
| 3 | 5289 | |
| 3 | 8044 |
© 2024 Cisco Systems, Inc.
