Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Become a member of the Cisco Meraki Community today
Get answers from our community of experts in record time.
Join nowAbout tnco
tnco
Getting noticed
Member since Apr 12, 2022
4 weeks ago
Community Record
21
Posts
8
Kudos
2
Solutions
Badges
Mar 10 2025
6:54 AM
1 Kudo
In the case of Meraki's Auto vpn, the following port range is used to contact the VPN registries for the first time. After that, UDP communication is performed to each other's global IP using the following port range as the source. This uses UDP hole punching technology. https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshooting Any devices sitting upstream of a WAN Appliance will need the following destinations whitelisted so the WAN Appliance can communicate with the Auto VPN registries: Port UDP 9350-9381 IP range for non-China cloud (meraki.com): 209.206.48.0/20 158.115.128.0/19 216.157.128.0/20 IP range for China cloud (meraki.cn): 43.192.139.128/25 43.196.13.128/25 Ports used for IPsec tunneling: Source UDP port range 32768-61000 Destination UDP port range 32768-61000 I recommend the troubleshooting methods in this article. https://community-meraki-com.translate.goog/t5/-/-/ba-p/194614?_x_tr_sl=ja&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
... View more
Mar 7 2025
7:10 PM
As everyone here has said, I don't think there is a minimum MX license restriction. This is with Secure connect, you can use Umbrella features such as remote access etc, but you can use it without an MX. However, Secure connect requires a separate license as described in the following document. https://www.cisco.com/c/en/us/products/collateral/plus-as-a-service/secure-connect-now-ds.html#Productoverview If you are considering using it, we recommend that you consult with your account representative. https://documentation.meraki.com/General_Administration/Support/Ways_to_Contact_Meraki_Support#Contact_your_Account_Representative
... View more
Mar 7 2025
6:30 PM
For an one arm concentrator, I think it is correct that the default gateway points to the FW. It also needs to be separate from the client subnet as described in the following document. https://documentation.meraki.com/MX/Site-to-site_VPN/One-Armed_VPN_Concentrator_Deployment_Guide https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway#Considerations_for_VPN_and_Other_Features
... View more
Mar 7 2025
5:27 PM
If you are using two Non-merakis and have a configuration with overlapping subnets, I don't think this is a supported configuration as per the following document. Do you have specific configuration diagrams? https://documentation.meraki.com/MX/Networks_and_Routing/MX_Routing_Behavior#Private_Subnet_Configuration_on_Multiple_Non-Meraki_VPN_Peers Also, if you want to configure two tunnels with the same subnet as a redundant configuration, there are two methods in the following document. https://documentation.meraki.com/MX/Site-to-site_VPN/Primary_and_Secondary_IPsec_VPN_Tunnels https://documentation.meraki.com/MX/Site-to-site_VPN/Tag-Based_IPsec_VPN_Failover
... View more
Mar 6 2025
3:11 AM
What I introduced is a Meraki Secure connect service, so it cannot be used with an Advanced enterprise license. Therefore, I'm not sure if you'll get the answer you want, but it might be a good idea to talk to your account representative about whether these things are possible. https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco_Secure_Connect_-_Internet_Access_Policies/Cisco___Secure_Connect_-_Manage_the_Data_Loss_Prevention_Policy https://documentation.meraki.com/General_Administration/Support/Ways_to_Contact_Meraki_Support#Contact_your_Account_Representative
... View more
Mar 5 2025
2:20 AM
2 Kudos
It is output that there is an active trial, but has the Free trial been returned? https://documentation.meraki.com/Getting_Started_with_Meraki/Getting_Started_Resources/Meraki_Free_Trials#Viewing_and_Returning_a_Trial
... View more
Mar 5 2025
2:00 AM
2 Kudos
Using the DLP function of Secure connect (Umbrella), you may be able to detect and block specific strings in web communications (HTTP or HTTPS). However, I have never tried this, so I don't know if it is realistic and will meet your requirements. The following community article blocked Gmail by prohibiting the input of IP addresses. https://community-cisco-com.translate.goog/t5/-/-/ta-p/4601849?_x_tr_sl=ja&_x_tr_tl=en&_x_tr_hl=ja&_x_tr_pto=wapp#toc-hId--1108787911 https://documentation.meraki.com/CiscoPlusSecureConnect/Cisco_Secure_Connect_-_Internet_Access_Policies/Cisco___Secure_Connect_-_Manage_the_Data_Loss_Prevention_Policy
... View more
Feb 14 2025
5:47 PM
Regarding content filters, if you use the Quic protocol, it may not be possible to block it due to the nature of the protocol. This is described in the Meraki documentation. Therefore, it is possible to block such communications by blocking UDP 443 with an L3 firewall, but in that case, if a client terminal uses Quic for web communication, it may affect the communication. Therefore, it may be possible to avoid this by disabling Quic on the client terminal, but I thought that it would be difficult to do so easily if the scale is large. Also, this may not work in the case of umbrella web policy, and the workaround was to disable Quic. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Content_Filtering_Troubleshooting#Devices_are_still_able_to_access_restricted_content https://support.umbrella.com/hc/en-us/articles/360051232032-What-Are-the-Problems-with-Google-Services-When-Using-QUIC-and-Secure-Web-Gateway
... View more
Feb 14 2025
5:41 PM
@Aquatoes Regarding content filters, if you use the Quic protocol, it may not be possible to block it due to the nature of the protocol. This is described in the Meraki documentation. Therefore, it is possible to block such communications by blocking UDP 443 with an L3 firewall, but in that case, if a client terminal uses Quic for web communication, it may affect the communication. Therefore, it may be possible to avoid this by disabling Quic on the client terminal, but I thought that it would be difficult to do so easily if the scale is large. Also, this may not work in the case of umbrella web policy, and the workaround was to disable Quic. https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering/Content_Filtering_Troubleshooting#Devices_are_still_able_to_access_restricted_content https://support.umbrella.com/hc/en-us/articles/360051232032-What-Are-the-Problems-with-Google-Services-When-Using-QUIC-and-Secure-Web-Gateway
... View more
Feb 11 2025
8:03 PM
Hi SDG, This is based on the HTTP GET from the client device as described in this document. You should obtain a packet capture to confirm that this information is correct. Also, some clients may misidentify themselves when specifying the user agent string field in the HTTP GET request, and enforcement of device type policies is done on a best effort basis depending on the information provided by the client. If you need to enforce security-focused policies based on device type, we recommend that you use a solution such as Meraki Systems Manager or Cisco ISE. https://documentation.meraki.com/MR/Group_Policies_and_Block_Lists/Applying_Policies_by_Device_Type#Client_Identification
... View more
Feb 11 2025
1:22 PM
3 Kudos
Hi @RaphaelL The documentation states that there are limitations when using configuration templates. Are the same things observed outside of template networks? https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Next-gen_Traffic_Analytics_-_Network-Based_Application_Recognition_(NBAR)_Integration#Template_Support
... View more
Jan 21 2025
6:19 AM
Is your VPN connection normal? If it is not normal, there may be a problem with the uplink, so you need to troubleshoot according to the documentation. https://documentation.meraki.com/MX/Site-to-site_VPN/Meraki_Auto_VPN_-_Configuration_and_Troubleshooting https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Troubleshooting Uplink historical data is also useful for investigating the uplink. If the results are bad, you will know that there is a problem with the uplink. https://documentation.meraki.com/MX/Monitoring_and_Reporting/Appliance_Status/MX_Uplink_Settings#Historical_Data
... View more
Jan 20 2025
2:02 AM
Hello, I think not yet IPoE support on MX. and I am not sure future roadmap. also,Even if you contact support, I don't think you'll be able to find a roadmap for this. Regards,
... View more
Jul 14 2023
7:39 PM
既に解決済みとお見受けしますが、今後のために情報共有です。 meraki go に関することは meraki go community に質問される方が良いかもしれません。 https://community.meraki.com/t5/Meraki-Go-Japan/ct-p/go-jp
... View more
Sep 21 2022
5:36 AM
これは、すべてのSSID で起こりますか? もし、すべてのSSID で同じカテゴリ設定をされる場合、everywhere に追加することで設定可能になることを確認しました。
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 753 | Mar 10 2025 6:54 AM | |
| 964 | Mar 7 2025 6:30 PM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 3 | 1409 | |
| 2 | 418 | |
| 2 | 790 | |
| 1 | 753 |
© 2025 Cisco Systems, Inc.
