Which operating system are you trying to configure the VPN on? If it's Windows, have you already tried checking the error code in the Windows Event Viewer as previously indicated? ... View more

First you nedd to add the device on the inventory.     https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/Inventory_and_Devices/Using_the_Organization_Inventory ... View more

Only use network-level for alerts not supported at the org level. ... View more

Basically, you have the same alerts, but the organization-level alerts are more flexible; you can even create profiles. So, if you want to receive alerts from all networks without having to configure each one individually, configure the alerts at the organization level. https://documentation.meraki.com/Platform_Management/Dashboard_Administration/Operate_and_Maintain/Monitoring_and_Reporting/Organization_Alerts_and_Notifications_Configuration ... View more

When you see the message service meraki connect is enabled on your new C9200 switch, that means it's running in Cloud Configuration Mode fully managed by Meraki.   If you do not wish to manage through the Meraki dashboard, you need to open a support case. ... View more

Take a look at this discussion.   https://community.meraki.com/t5/Wireless/AI-RRM-12-Months-On-Experience/m-p/286595 ... View more

Here you can find more details if you want to use L2PT connetion.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/Client_VPN_Overview ... View more

Here you can find all the information that you need.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Client_VPN/AnyConnect_on_the_MX_Appliance ... View more

Also take a look at this.   https://community.meraki.com/t5/Security-SD-WAN/Cisco-Meraki-Client-VPN-behind-Nat-Router/m-p/258674#M57511 ... View more

But what is the error code?   Take a look at the link I sent you.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Troubleshooting_and_Support/Troubleshooting/Troubleshooting_Client_VPN/Unable_to_Connect_to_Client_VPN_from_Some_Devices ... View more

What is the error code?     https://documentation.meraki.com/SASE_and_SD-WAN/MX/Troubleshooting_and_Support/Troubleshooting/Troubleshooting_Client_VPN ... View more

You can't ping using the LAN as a source on the MX. ... View more

When in passthrough mode, the MX is best used for in-line:   Layer 3/7 firewall rules, traffic shaping, and analysis Network asset discovery and reporting Intrusion detection Client and site-to-site VPN ... View more

When an MX Security Appliance is switched to VPN Concentrator / Passthrough mode, the unit essentially becomes a Layer-2 bridge and no longer functions as a full router/firewall appliance.   The firewall function will work just for inbound traffic.   https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway? ... View more

Check the session timeout on the policy result.   Cisco ISE default session timeout is 7200 seconds (2 hours), often managed via RADIUS attributes to force re-authentication.  ... View more

How is the session timeout configured? ... View more

Are you using an external RADIUS server, the one from Meraki? ... View more

No, but you can list and manage Meraki auth users including ones used for Client VPN authentication. ... View more

Probably when you make the change, it can't communicate with the Meraki cloud again, so the configuration is rolled back, which is the expected behavior.   How are you making this change? ... View more

Default gateway: When creating the first IPv4 interface on a switch, you will be prompted to enter a default gateway address. This is the next hop IPv4 address of another device on the network, used for any traffic that isn't going to a directly connected subnet or over a static route. This IP address must exist in a subnet with a L3 interface, and will be used for the default route next hop IP address.   https://documentation.meraki.com/Switching/MS_-_Switches/Design_and_Configure/Configuration_Guides/Layer_3_Switching/MS_Layer_3_Switching_and_Routing ... View more

Meraki MX does NOT support LACP for WAN or LAN ports. That means on the Catalyst side you must not use channel-group on the MX-facing ports. If the Catalyst uplinks are in a port-channel, a failover will break traffic until the LACP state machine times out. ... View more

Actually, that's not a problem; you need to have an SVI with that subnet created to point to that IP as the next hop.     There are two types of source based default routes. The only difference between a LAN and VPN source-based default routes is the next hop. i. LAN based default route ii. VPN based default route   LAN source based default route - The next hop of a LAN source-based default route is on the LAN side of the MX security appliance. The next-hop IP is known to the security appliance on the LAN side either by a VLAN or a static route.    VPN source based default route - The next-hop of a VPN source-based default route is an MX security appliance on another network within the same dashboard Organization. Use this option if the source subnet is participating in AutoVPN.   This doesn't work for a non-Meraki VPN. ... View more

Yes, it can work, but upgrading all switches together is often simpler and safer when the maintenance window is small, especially because Meraki pre‑downloads firmware and switches wait around 20 minutes before rebooting.   Meraki's staged upgrades are great when you have too many switches to upgrade in a single window, or you have different allowable outage windows per group.   MS Firmware Upgrades - Cisco Meraki Documentation ... View more

Do you have a dedicated IP or is it behind a NAT.   If it's behind a NAT you can try this.     Registry Adjustment (for NAT network) If your client or server is behind a router with NAT:   Open the Registry Editor (regedit).   Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent.   Create a DWORD AssumeUDPEncapsulationContextOnSendRule and set the value to 2. Restart the machine. ... View more