Input those addresses in firefox and it will bring you to your concentrator local page. We recently ran into the same deal. Meraki shenanigans ... View more

That makes sense! Thank you for clarification 🙂 ... View more

You do need to purchase AnyConnect licences - they just aren't enforced.  🙂 ... View more

I'm not going to fully highjack this post.  Gonna do another one perhaps with some graphics to thoroughly explain it. ... View more

We have found that most vendors will amend their software to stop using the antiquated method of using an IP address for authentication, identification or licencing.  Have you asked the vendor for an update? ... View more

Consider adopting a shared services model.  No one buys anything from Meraki anymore, except you.  When someone needs a new device+licence you internally change them a monthly fee for it.  They get used to paying for it.  Doing licence renewals becomes easy for you. ... View more

Small discovery about this setup. I'm slowly putting this VPN in "production mode" and I started to receive feedback from users that they cannot connect because they have not enough time to perform 2FA (push notification or ms call). Radius, by default has 60seconds timeout but Meraki only 3 😉 In some newer MX firmwares you can modify this yourself at the bottom of radius configuration page, in older you need to ask the support. After I increased it also to 60seconds on Meraki side I get some improvement but still, users had only around 20seconds... I spend couple of hours with Meraki and Microsoft supports on this case without any luck and then I found this help article on DUO site! Hope it will save somebody a lot of time with troubleshooting - the problem was on client device 🙂 Windows VPN client If you are using a Windows VPN client and you continue to experience issues after you have increased the RADIUS timeout and the retries, you may need to increase the value of the MaxConfigure Registry key on the client machine to 60:  Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\MaxConfigure=60 How do I adjust the RADIUS timeout on Meraki? (duo.com) ... View more

@rabusiak wrote: Thanks for the tips 🙂 @Brash wrote: For example MX L3 firewall rules don't apply to traffic transiting a site-to-site VPN. You would need site-to-site VPN firewall rules for this traffic. So, if I create rule "deny traffic from vlan1 to "any" it will not block the traffic to networks on the other end of auto vpn tunnel? Thats kind of violation of ANY terminology 😉 Need to test that 🙂 I created standard L3 firewall rule saying block all icmp traffic between 2 hosts behind different MX devices connected with AutoVPN tunnel and traffic was blocked 🙂 ... View more