Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About PatrikStar
PatrikStar
Here to help
Member since Jul 16, 2021
Sep 20 2023
Community Record
11
Posts
1
Kudos
1
Solution
Badges
Sep 16 2023
2:07 AM
Can I build like this? I have four sites with MX and one site with Non Meraki FW. One site is Hub. Three sites is Spoke. I want the Hub-MX to have an S2S VPN to the Non Meraki Site/FW. The Spokes can access the Non Meraki Site through the Hub. All traffic that is going to my networks subnets should go through the VPN. Everything else should go through each sites "normal" internet. Is it possible?
... View more
Aug 17 2023
2:05 PM
1 Kudo
Yes, I got help from Meraki Support. On the non meraki you had to add. Peer ID must be the IP-address that the MX is getting from the MG. For example: 172.31.128.4 Peer Endpoint must be the public IP-address that the MG gets. And then you must add a portforwad on your MG to your MX. Port 500 UDP Port 4500 UDP
... View more
Apr 11 2022
3:05 AM
Hi! We have Windows Server 2016 and MS Network Policy Server installed. All ports are for now opened, in and out. The Network contains of one Hub and multiple Spoke. This MX is a spoke. All MX have a VPN connection to our servercloud where the Network Policy Server is. It's an VMWare Edge, so Non-Meraki Site to Site VPN. There are no event logs with those eventIDs on the Policy Server. The MX can ping the Policy Server both on LAN and on Internet.
... View more
Apr 8 2022
1:02 PM
Thanks, I will look at that. Right now nothing works. I can't even connect with Cloud Authentication. Have setup this a few times before but this setup is haunted by evil spirits or something. Maybe it is my clients thats is the problem. But I can connect to other Meraki VPN. Need to start over and verify every step.
... View more
Apr 8 2022
10:44 AM
Have tried ping from MX to internal Radius-server with success. When I capture from LAN while trying to connect I get nothing about radius in the log. When the client is trying to connect it fails right away with error.
... View more
Apr 8 2022
7:18 AM
I'm getting frustrated now. I try to setup User VPN to authenticate with Radius-server but cannot get it to work. If I use Cloud Authentication it works fine. On the Meraki I setup up as follow. Subnet: 10.10.5.0/24 Custom nameservers: IP to our internal DNS-server I have a Shared Secret. Authentication: Radius RADIUS servers is our internal Network Policy Server. IP: 10.10.9.18 Port: 1812 Secret: Same as on Network Policy Server. The Policy Server is installed and registered in Active Directory. I have followed the guide at https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN I have all ports in and out opened on the Network Policy Server (just for test). When the client attempt to connect they get error 691, wrong username/password. I have tried multiple differnt accounts, but all the same. Tried login with their domainname/username and mailaddress and other combination. But same error all the time. Rebooted the Network Policy Server. Tried from two differnt clients. MX Eventlog says msg: <l2tp-over-ipsec-1|1055> deleting IKE_SA l2tp-over-ipsec-1 msg: <l2tp-over-ipsec-1|1055> closing CHILD_SA net-1{6517} with SPIs cb90df4f(inbound) (798 bytes) efccb7de(outbound) (379 bytes) and TS msg: <l2tp-over-ipsec-1|1055> CHILD_SA net-1{6517} established with SPIs cb90df4f(inbound) efccb7de(outbound) and TS Packet Capture says nothing about Radius.
... View more
Labels:
- Labels:
-
Client VPN
Jul 20 2021
1:25 AM
Hi! I have a bunch of sites and one Hub-site. Hub-site is 10.10.10.0/24 Then I have following Spoke-sites Site 2: 10.10.111.0/24 Site 3: 10.10.112.0/24 Site 4: 10.10.113.0/24 And so on.... All sites are connected to our cloud-servers through a Non Meraki Site-to-Site VPN. Cloud-servers are at 10.10.9.0/24 All Spoke-sites are connected to the Hub-site and can access the network there. Our MG21-solution is on 10.10.124.0/24 This site can access the Hub-site but cannot establish a Non Meraki VPN to our Cloud. I set Default route to Hub-site and then tried to add a route from Hub-site to 10.10.9.0/24 but it generated an error saying that 10.10.9.0/24 route is already in use by the Non Meraki VPN. I guess I should have done my homework before ordering this product. Maybe with a new SIM-card to remove the double NAT would solve it. Or your solution with an VPN concentrator hub, even though that seems like overkill just to get one small site up and running. Im not sure our Cloud would approve that. Pretty stuck now.
... View more
Jul 16 2021
2:32 AM
Hi! I have an MX64W connected to MG21 via Internet Port on MX64W. In the Org we have multiple MX64 and other MX-models. But just this one MG21. All sites (MX) are connected through VPN to an 3rd party FW in firewall for the edge gateway VmWare. This works fine. But our MG21 with MX64W dont want to connect. I understand that its because the double NAT and I am pretty sure that our edge gateway dont support this. So I thought that we could connect the MX64W with its MG21 to our Hub and then route it to our Edge Gateway. But that doesn't work because the route already exist in the global Non Meraki VPN. So now I am stuck. I was also trying to activate so I could connect with User VPN to our new MX64W and it's MG21, but that doesn't work either. I was trying to do port forward on the MG21 UDP 500 and UDP 1500 to our MX64W, put no luck there either. Could anyone pls give me some pointers in both this cases? 1. MX64W with MG21 - Site to site VPN to Non Meraki edge gateway VmWare. 2. User VPN to MX64W with MG21.
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 757 | Aug 17 2023 2:05 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 757 |
© 2024 Cisco Systems, Inc.
