Meraki

Community

About GStarkie

Re: VPN Packet Capture not working?

by in Security & SD-WAN
‎May 16 2022 1:21 AM
‎May 16 2022 1:21 AM
Hi Crocker,   I didnt know that had happened, if machine cert mapping is broken then the handshake should fail as the cert for the RADIUS server wouldnt be trusted.   The logs I do see suggest all is well until the client tries to return its cert, we see that leave the client machine, we also see it leave the WiFi AP and the switch but then we cannot see it traverse the VPN. We have had Microsoft check and they insist it never reaches their side, we had Meraki check and they say the cert is going through the VPN tunnel so its proving awkward to verify.   Thanks for the info. ... View more

Re: VPN Packet Capture not working?

by in Security & SD-WAN
‎May 16 2022 1:16 AM
‎May 16 2022 1:16 AM
Hi,   When we take a pcap on the WiFi AP, we see no DF marked packets.  ... View more

Re: VPN Packet Capture not working?

by in Security & SD-WAN
‎May 11 2022 1:54 PM
‎May 11 2022 1:54 PM
Hi ww,   Thanks for the reply, if we cannot capture on the tunnel interfaces its back to an ASA or Juniper for testing.   In a bit of a stale mate as Microsoft are saying all is good in Azure, Meraki are saying all is good on the Meraki but we cannot get eap-tls WiFi auth working. the client cert never reaches the NPS boxes but we cannot prove where it vanishes.   Thanks for the info G   ... View more

Re: VPN Packet Capture not working?

by in Security & SD-WAN
‎May 11 2022 1:47 PM
‎May 11 2022 1:47 PM
Hello,   thanks for the reply, i can confirm we have no filter, a pcap on any of the available site-to-site VPN options results in an empty pcap. i can see traffic on the WiFi AP / LAN / and internet but i really wanted to see the traffic in the tunnel.   Thanks G ... View more

VPN Packet Capture not working?

by in Security & SD-WAN
‎May 11 2022 10:02 AM
‎May 11 2022 10:02 AM
Hello,   anyone managed to get a successful pcap from MX VPN? I have an MX that I'm using to vpn into Azure and I cannot seem to get a pcap from it no matter what, i'm trying to troubleshoot EAP-TLS wifi and cant get a pcap for the traffic flows over the VPN (non-Meraki VPN peer).   I have tried to capture on: Site-to-Site VPN / Site-to-Site VPN over Internet 1 & Site-to-Site VPN over Internet 2 My VPN is connected via Internet 1 but tried them all just to be sure, all of them show no packets (either pcap for wireshark or display on the dashboard).   Its frustrating as it looks like we are dropping traffic somewhere and I cannot get a working pcap for the VPN traffic.   Thanks G   ... View more
Labels:
© 2024 Cisco Systems, Inc.