The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About chesterweirdo
chesterweirdo

chesterweirdo

Comes here often

Member since Jan 29, 2021

‎07-30-2022

Community Record

12
Posts
0
Kudos
0
Solutions

Badges

First 5 Posts View All
Latest Contributions by chesterweirdo
  • Topics chesterweirdo has Participated In
  • Latest Contributions by chesterweirdo

Re: Anyconnect IPV6 routing even with it disabled

by chesterweirdo in Security / SD-WAN
‎07-22-2022 02:49 AM
‎07-22-2022 02:49 AM
So over an hour on the phone with Meraki and no help at all. Has anyone else used Any connect on a linux machine? Basically, as soon as you connect it add a load of routes to your route table sending IPV6 to the Any connect interface. That should not be happening as it should have no impact on IPV6. It looks like the traffic does not get to the MX so Meraki are easing their hands with it saying they can prove it does not get to the device. ... View more

Re: Anyconnect IPV6 routing even with it disabled

by chesterweirdo in Security / SD-WAN
‎07-21-2022 01:42 PM
‎07-21-2022 01:42 PM
So I have spent the day looking at this a bit more and trying to understand it. I setup a new Ubuntu machine and installed the AnyConnect client   It connects fine and I can browse the internet. However, running route -6 returns the route table and shows that IPV6 is being routed down cscotun0 when it should not be adding a route. Having checked on my OSX device connecting to the vpn the IPV route table does not add a record to route it down the tunnel.     ... View more

Re: Anyconnect IPV6 routing even with it disabled

by chesterweirdo in Security / SD-WAN
‎07-20-2022 02:12 PM
‎07-20-2022 02:12 PM
Just bumping to see if anyone had a solution. We want to enable mfa but with the client not working that’s not going to be possible.  ... View more

Authenticate SSID via saml/azure ad

by chesterweirdo in Wireless LAN
‎06-28-2022 04:22 PM
‎06-28-2022 04:22 PM
I don’t suppose anyone has any info on when this might be available.  I feel like I have so much setup to get radius working just for wifi. It’s my last thing to move to the cloud.    ... View more

Re: Anyconnect IPV6 routing even with it disabled

by chesterweirdo in Security / SD-WAN
‎06-28-2022 04:09 PM
‎06-28-2022 04:09 PM
Yep we are running split tunnel. We don’t want to send the ipv6 dns over the client. It should really remain local which is why we have tried to turn off ipv6 on the client but it does not seam to work.  ... View more

Anyconnect IPV6 routing even with it disabled

by chesterweirdo in Security / SD-WAN
‎06-28-2022 01:16 AM
‎06-28-2022 01:16 AM
Hi, We have an issue with Linux users where t he AnyConnect VPN client is routing IPv6 traffic using the client even with the option disabled.   We have set in our xml file <IPProtocolSupport>IPv4</IPProtocolSupport>   But we still get DNS routing via IPV6 so it fails.    I did find an article relating to an ASA which suggested setting client-bypass-protocol but I'm not sure if I can just add that to the XML.   They have been able to  connect using the openvpn client on Linux   Mac and Windows is working fine.   Can anyone help? ... View more
Labels:
  • Labels:
  • Client VPN

Warm Spare for MX84

by chesterweirdo in Security / SD-WAN
‎06-22-2022 09:13 PM
‎06-22-2022 09:13 PM
I'm looking to enable some failover on our network. We have two ISP. Currently, the primary is in WAN1 and the secondary is in WAN 2. My understanding is that gives us failover if one of the lines drops. What it does not cover is a hardware failure in the MX84.   My ISP's do not provide two links so I think currently if we have a hardware failure I will have to swap the WAN port on the primary Firewall with the secondary one. It's not automatic but will do.   My plan was to enable Warm spare in the dashboard for the second Meraki with have. I assume I need a link cable between them both to keep the heartbeat. Does it matter which port I use. Will it then work if it fails over we just swap the WAN port cable over? ... View more

Any Connect Auth using Radius

by chesterweirdo in Security / SD-WAN
‎10-28-2021 08:29 AM
‎10-28-2021 08:29 AM
Has anyone managed to get Any Connect on the MX to auth using Radius?   We are trying to use Free radius which we use for our Wifi without issue but cannot get it to work with Any connect.   Any pointers would be great. Support say they can not help   we see   (214) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (214) Failed to authenticate the user (214) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): in our radius logs ... View more

Re: Azure vmx not connecting to AWS vmx.

by chesterweirdo in Security / SD-WAN
‎05-09-2021 01:55 AM
‎05-09-2021 01:55 AM
Why would remote sites be able to auto vpn in its current setup? They all are direct ip devices at the remote site.  ... View more

Re: Azure vmx not connecting to AWS vmx.

by chesterweirdo in Security / SD-WAN
‎05-09-2021 01:22 AM
‎05-09-2021 01:22 AM
But that would mean it would have to be in the public subnet. How would it then be able to see anything in the private? ... View more

Azure vmx not connecting to AWS vmx.

by chesterweirdo in Security / SD-WAN
‎05-07-2021 02:09 PM
‎05-07-2021 02:09 PM
We have a Vmx in aws in private subnet behind NAT gateway. It’s reporting that the NAT type is unfriendly.  we have spun up a vmx in azure and we are trying to get the auto vpn to connect.  the nat type on the azure box says friendly so that looks okay.  what does not make sense is our remote sites that have direct Ip setup are connecting to the aws vmx.  if it was an issue with NAt would they not connect?   I can not find any docs on how to setup the vmx in a private subnet behind a nat gateway.  can anyone help.  ... View more

Local site PPPoE settings

by chesterweirdo in Security / SD-WAN
‎01-29-2021 09:49 AM
‎01-29-2021 09:49 AM
We are rolling out MX devices to local sites. Its working well but I want to get to the point that end users can do it. My issue is they have to log onto the local admin page to set the PPPoE username and password.   We always use the same provider so actually it is always the same details. How does anyone else get around this     ... View more
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki