Community Record: 61 Posts, 13 Kudos, 2 Solutions
Aug 21 2024
3:53 AM
OK, so I'm completely stumped here. I need help. I have around 140 users on my Meraki MX64 with a 100Mbps up/down fibre network connection. Only one of my users has this problem. This user has a Dell XPS 13 9310 laptop with Windows 11 installed. They use a J-Create JCD542 docking station's RJ-45 port to connect to the network.

Problem: The user has intermittent internet. However, the local network is not intermittent. To clarify, if I ping my local NAS drive (that is connected on the same switch as my Meraki MX64) then there is no packet loss. If I ping 8.8.8.8, then I have packet loss. If I connect another laptop on the same LAN cable, the packet loss to 8.8.8.8 goes away. If I move the XPS laptop to a different LAN connection, I still get packet loss to 8.8.8.8. Also, if I connect the XPS to a D-Link router with 4G mobile internet via the same docking station, then the packet loss to 8.8.8.8 goes away. I have also tried two other docking stations with the XPS and the packet loss still occurs when connected via the Meraki.

So the problem is not (as far as I can tell):
a) The network or the local LAN cable, that works perfectly if another laptop is connected. Also the problem persists if the XPS user connects to the network at a different location.
b) The docking station, we have tried 3 different docking stations. Also the docking station is not intermittent when on a 4G router.

What I have done to try to fix the problem:
1) I have moved the user to a group policy with no restrictions.
2) I have changed the IP assignment of the user.
3) I have uninstalled the network driver in Device Manager and rebooted the laptop.
4) I have tried the Windows 11 internet connection troubleshooter, that found no problem.
5) I have tried these commands:
   netsh winsock reset
   netsh int ip reset
   ipconfig /release
   ipconfig /renew
   ipconfig /flushdns
6) In Windows 11 I did: Settings > Network & internet > Advanced network settings > Network reset

Nothing works, the internet connection remains intermittent for this one user on this one laptop and nowhere else. I add a screenshot of how we ping a local NAS with no packet loss and 8.8.8.8 with packet loss at the same time.
Jul 10 2024
7:27 AM
2 Kudos
I in fact did this. Blocked professional networking and added the *linkedin.com rule. Works well.
Jul 10 2024
6:03 AM
How to best block the use of LinkedIn with a group policy? Is there a layer 7 rule? If so in what category is it? If not any suggestions? Thanks.
Labels: Firewall
Jun 10 2024
2:14 AM
Will do. Thanks.
Jun 10 2024
12:37 AM
Hello, The whole of last week I had to click on the maintenance notification for 6th of June every time I opened my Meraki dashboard. Then on the 7th, the notification for the 6th still showed up as well as a new one about the 7th. These have now gone, but today there is a new notification about the 23 of June popping up. This is very irritating because it does not go away once closed. The notification keeps popping up every time I access my Meraki. Is there no way to click it once and never have to see it again? Or am I going to have to look at it every day repeatedly for the next two weeks? Thank you for any help if possible.
Labels: Other
Oct 17 2022
3:57 AM
I use MAC addresses to add clients to a Group Policy. The VPN connection does not have a MAC address. How will I add a policy to it?
Oct 12 2022
11:59 PM
I've not changed anything in the routing table, it is still on default settings and looks like this: I do have several Group policies set up and the laptop in question is configured for one of these policies. But I must add that the Group policies are assigned by MAC address and as the VPN is not using the MAC address of the LAN port on the laptop, I'm not sure that the Meraki will identify the laptop correctly. That being said, I'm not interested in using the internet through the Meraki. The laptop can use its own local internet as long as I can access the LAN on my office network.
Oct 12 2022
11:18 PM
So I am simulating a person working from home. That is a Windows laptop on a home wifi using VPN to connect to the office MX64. At the office they must, for example, be able to access the local NAS drive, Server1 or 192.168.1.3. Another user must be able to access a SQL server located at 10.5.5.1. The VPN only assigns a subnet that is not the same as the local VLAN's subnet and I cannot find a way to add more than one subnet to the VPN. So I don't know what to do to access the local subnet/VLAN once logged in as a VPN user. Maybe I'm missing something obvious, as everyone is telling me by default it is all accessible. However, the method of accessing it eludes me.
Oct 12 2022
2:57 AM
My laptop is on wifi at the moment to test VPN connectivity, here are the wifi and VPN IPs. I have (for now) changed the block rule to allow, for testing.
Oct 12 2022
2:29 AM
"Client VPN users may access all subnets within the network by default." How does this work? My VPN subnet is 192.168.5.0/24, I'm connected as 192.168.5.118. However I cannot connect to anything in my 192.168.1.0/24 subnet. For example if I ping 192.168.1.3, a NAS server, I get no response. If I put 192.168.1.3 in my file explorer, it fails to access the NAS drive. What can I do to fix this?
Oct 12 2022
2:17 AM
I don't understand. I don't want to restrict access. I want to allow it. How do I allow it? I am now connected as 192.168.5.118. When I ping 192.168.1.3 I don't get a ping. When I try to access 192.168.1.3 with my file explorer it cannot find that IP. How do I reach it? I have added a rule to the Layer 3 firewall like this: This does not help. I still cannot access 192.168.1.3.
Oct 12 2022
12:05 AM
1 Kudo
Hello, I have only recently succeeded in establishing a VPN connection from a client PC to my Meraki. The specified VLAN for the VPN is 192.168.5.0/24. My clients have to access servers in my local VLANs. These are 10.5.5.0/24 and 192.168.1.0/24. Do I set this up under port forwarding or under the Firewall? Can you please show an example of how to do it properly? Second question: is there a way to give some clients access to one local VLAN, but not the other and vice versa?
Oct 11 2022
11:54 PM
The problem with this connection was with my ISP and not any setting on my Meraki. There are only two things to note:
1) The host-name provided by my Meraki unit pointed to the public IP. In my case the Public IP is not the same as the WAN1 IP of the Meraki. With the result that I had to specify the VPN Server address as the WAN1 IP and the host-name does not work.
2) I had to allow PAP, CHAP and MS-CHAP v2 on my PC before the connection would establish successfully.
Now the VPN connection works.
Sep 26 2022
6:43 AM
OK, I will ask the ISP to create a Public IP for me and move the Meraki to the new address. Fingers crossed this solves the issue.
Sep 26 2022
6:31 AM
Yes, this seems to be our issue. Do you think it will solve the issue if I ask the ISP to give me a public IP for the Meraki and move it out of the DMZ? They have given me a /30 IP for another device which does work OK.
Sep 26 2022
6:19 AM
To confirm, the ports that should be forwarded are 500 and 4500? Are there any other ports required?
Sep 26 2022
4:10 AM
My Meraki sits behind a Mikrotik Router that is managed by the ISP. According to them, all incoming traffic to the Public IP is being forwarded to the Meraki. They sent me their Firewall rules to look at. I'm not an expert in Mikrotik firewalls but it seems in order to me. This is what they have sent:
0 chain=srcnat action=masquerade src-address=!41.138.70.12/30 out-interface=Client_Details log=no log-prefix=""
1 chain=dstnat action=dst-nat to-addresses=192.168.0.91 protocol=tcp dst-address=41.76.33.18 dst-port=!8291,2000,8728 log=no log-prefix=""
2 chain=dstnat action=dst-nat to-addresses=192.168.0.91 protocol=udp dst-address=41.76.33.18 dst-port=!8291,2000,8728 log=no log-prefix=""
3 chain=dstnat action=dst-nat to-addresses=192.168.0.91 protocol=gre log=no log-prefix=""
4 chain=srcnat action=masquerade dst-address=192.168.0.91 log=no log-prefix=""
Sep 26 2022
3:59 AM
Firmware: Up to date. Current version: MX 16.16. It says up to date.
Sep 26 2022
1:29 AM
Update! I have worked with my ISP to ensure that all traffic is forwarded to my Meraki. I've also added two rules to my Firewall (L3) to allow all traffic on ports 500 and 4500. When I do a packet capture on the internet interface, I get a lot of traffic on port 4500 and some traffic on port 500. However, when I do a packet capture on the "Client VPN" interface, then no data is captured or recorded in the pcap file. It seems that the connection request does not reach the Client VPN interface. Do you have any suggestions where I can look to check the traffic is allowed to reach the Client VPN? Also I get a different error now than before: "The connection was terminated by the remote computer before it could be completed". When I look in the Windows event log I get error code: 628.
Sep 22 2022
11:57 PM
Hello, I'm back at the office. We can setup a test whenever you are ready.
Sep 22 2022
11:56 PM
Hi, I used this script tool to create a VPN Profile. The result is the same when I try to connect the VPN. Thanks for the advice though, the script tool is handy. Question: If I run the script by clicking on it and select "Run script" it fails. I opened the script in ISE and tried to run it and got an error "Unable to remove existing instance(s) of TFD Meraki profile: Access denied". I then re-opened ISE in administrator mode and then the script executed fine. Is there a way to run the script as an administrator without opening ISE?
Sep 22 2022
7:49 AM
For a quick test I can allow that. However it is time for me to go home now and I will only be back in the office tomorrow morning. Can we take this up again tomorrow? I will send a reply when I am back in the office tomorrow. (Thank you very much for your assistance so far, it is very much appreciated).
My Accepted Solutions
Subject | Views | Posted |
---|---|---|
 | 19877 | Oct 11 2022 11:54 PM |
 | 31595 | Sep 10 2021 2:26 AM |
My Top Kudoed Posts
Subject | Kudos | Views |
---|---|---|
 | 2 | 2623 |
 | 2 | 1700 |
 | 1 | 7494 |
 | 1 | 1586 |
 | 1 | 1602 |