Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About cfrankli
cfrankli
Just browsing
Member since Oct 7, 2020
Oct 9 2020
Community Record
4
Posts
0
Kudos
0
Solutions
Oct 8 2020
8:19 AM
Update: I enabled ICMP and was able to ping and connect via ssh, after exiting terminal session, I asked a remote colleague to connect via ssh. He was able to connect successfully after a few attempts. Subsequently asked him to exit session after which I tried to initiate a ssh session and the request timed out. He can continue to connect (login) but my ping / ssh sessions time out. It seems that once a session is established it locks out all other requests - still trying to figure out the duration - whether it's temporary or in perpetuity.
... View more
Oct 8 2020
7:30 AM
@Brian_V - yes, the remote user subnet (192.168.4.0/24) is included in the interesting traffic and VPN is On. The SG is allowing traffic from 192.168.0.0/24. I rebooted the appliance and it ssh is permitted from my local network - need to confirm that remote users can access once connected to Meraki VPN. @PhilipDAth made the point about hairpin connection which is valid however this used to work using an ASA 5505. I will post any relevant updates - in the interim, thanks to those who took the time to respond, much appreciated.
... View more
Oct 7 2020
12:52 PM
Yes. Individual establishes a VPN connection to MX64W via ConnectVPN (L2TP) or Windows native VPN as described in the Meraki Client VPN OS Configuration document (which works well). The troubles appear when an individual tries to connect to the AWS instance. An example: 2 days ago I was able to ssh into hosts in the subnet without any issues however my colleague could not. I enabled ICMP in the inbound Security Group originating from our internal address range and was able to ping the hosts however she was not. Later that day, my connectivity dropped and has been down for the past two days. I can usually clear things up by resetting / swapping the tunnel connection from one AWS ip to the secondary but this is cumbersome. To summarized remote user initiates vpn -> Meraki MX64. Desired behavior is that user can access hosts in AWS via the site to site tunnel established between MX64W which is defined as the AWS customer gateway connecting to the AWS virtual private gateway. Hope that helps.
... View more
Oct 7 2020
8:27 AM
Problem statement: connecting to AWS EC2 instances via ssh by remote users connecting via Meraki VPN. I have an MX64 with a site to site tunnel to our AWS environment and need our remote employees to be able to connect to EC2 instances in our VPC using ssh (terminal / PuTTY). My site to site connection, using a single tunnel shows as UP on the AWS side as well as in the Meraki dashboard (and have learned to live with the daily AWS warning that I don't have redundant tunnels). There are times when I can connect to the EC2 instances (10.x.x.x addressing) via ssh without an issue, but remote users can't. Note: I'm at the location of the MX64W. The inverse is also true - remote user can connect but I can't. I've been on multiple calls with AWS and Meraki and everyone is saying configurations check out. Considering bringing back and ASA 5505 and have it handle the AWS side but seems like that's just complicating things. Putting this out to the community hoping someone might have some insights or recommendation to follow. At this point, I'm wanting to pitch the Meraki appliance in lieu of another solution (out of frustration).
... View more
© 2024 Cisco Systems, Inc.
