cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About chesterweirdo

Re: Warm Spare for MX84

by Kind of a big deal in Security / SD-WAN
Thursday
6 Kudos
Thursday
6 Kudos
Concur with @Brash. Place a switch behind the ISP to give yourself the additional port capacity to your MXs.  good document:   https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair   Points to note regarding MX WAN uplink IPs:     use MX uplink IPs: When using this option, the current active MX will use its distinct uplink IP or IPs when sending traffic out to the internet. This option does not require additional public IPs for internet-facing MXs, but also results in more disruptive failover because the source IP of outbound flows will change. Use virtual uplink IPs: When using this option, both MXs will use a shared virtual IP (VIP) when sending traffic to the internet. This option requires an additional public IP per uplink, but allows for seamless failover because the IP address the network is using to communicate with the internet will be consistent. The VIP for each uplink must be in the same subnet as the IPs of the MXs themselves for that uplink, and the VIP must be different from both MX uplink IPs. ... View more

Re: Any Connect Auth using Radius

by Kind of a big deal in Security / SD-WAN
‎10-28-2021 12:02 PM
‎10-28-2021 12:02 PM
Did you manipulate the Auth-type settings in your Freeradius-config? I general you shouldn't as the default matches nearly everything. The MX uses the plaintext-authentication-method PAP_ASCII, if you want or need to configure your Freeradius for that, make sure that this method is enabled. ... View more

Re: Azure vmx not connecting to AWS vmx.

by Kind of a big deal in Security / SD-WAN
‎05-09-2021 04:07 PM
‎05-09-2021 04:07 PM
My guess is both your Azure and AWS configurations are blocking inbound connections, so AutoVPN can only be established by making an outbound connection.  So it neither can accept in inbound connection, then they wont be able to connect to each other, only to s[okes.   For Azure, I would make sure you are using manual NAT traversal (aka port forwarding in the below document), and make sure your inbound rules will allow the traffic. https://documentation.meraki.com/MX/Site-to-site_VPN/Automatic_NAT_Traversal_for_Auto_VPN_Tunneling_between_Cisco_Meraki_Peers    If you aren't doing this, it will probably be enough to make it work, but it won't be rock-solid reliable.   To make it rock-solid reliable you need to do exactly the same thing in AWS.  You need to assign it an elastic IP and set a similar port forward (can be a different port, makes no difference).   ... View more

Re: Local site PPPoE settings

by Kind of a big deal in Security / SD-WAN
‎01-31-2021 03:19 PM
‎01-31-2021 03:19 PM
@chesterweirdo we always put the MX behind the ISP NTE so that covers the PPPoE etc.  But that is in the UK, perhaps the ISP doesn't provide an NTE for you? ... View more
© 2022 Meraki