Community Record
8
Posts
0
Kudos
0
Solutions
Badges
Jun 5 2023
4:39 PM
That's what I need to know, is that something that pretty much all OS are supporting? EAP-TTLS/PAP? Would it also work with MFA? Thanks.
... View more
May 29 2023
10:28 PM
Hi Guys, One of my clients uses Meraki Wifi solution + on-prem ISE 3.1 + on-prem AD. Everything works fine. Now, they would like to migrate to Azure AD and use it as an identity store for Radius. The Meraki documentation below states there is an integration between ISE 3.1 and AAD, and it uses EAP-TTLS with PAP. @https://documentation.meraki.com/MR/Meraki_WiFi_in_a_Box_Design_Guide_(CVD) The question is whether someone has deployed this in real life and if there are any caveats or restrictions. What I am also trying to find is would MAC OS or IOS users be supported or only Windows-based endpoints. Thanks so much for your help in advance!
... View more
May 31 2022
4:06 PM
Thanks so much, mate! It's amazing! I really appreciate your time for setting up the scenario and sharing the results! It's brilliant!
... View more
May 30 2022
8:43 PM
Thanks mate! So I understand Meraki would re-establish IPSEC over WAN2 and as long as 2 tunnels are pre-configured on Azure VPN gateway - we should be fine
... View more
May 29 2022
4:54 PM
Thank you! So does it mean IPSEC failover to secondary WAN2 will work with Azure VPN Gateway? Did anyone try this? If we configure 2 x different IPSEC tunnels on Azure VPN gateway with different destination IPs (one per ISP), and only one IPSEC tunnel from MX to Azure VPN Gateway, when failover from WAN1 to WAN2 occurs would the tunnel be re-established over the secondary ISP?
... View more
May 27 2022
5:35 AM
Thanks, how did you manage to verify this? Does it mean that IPSEC tunnel on the MX is not tied to a specific WAN interface - it will use whatever is available at the moment with WAN1 being the preferred? I could not find any configuration setting that would specify source interface for the IPSEC NON-Meraki tunnel.
... View more
May 27 2022
3:29 AM
Thanks a lot - I saw this example. I was trying to do something a little bit different though - configure just one single tunnel on Meraki MX with Destination IP being Azure VPN Gateway in Region 1. On the Azure VPN Gateway configure two seperate IPSEC tunnels with different destination IPs - one with destination IP of the Left MX WAN1 and the second one with Destination IP of Left MX WAN2. If WAN1 fails or ISP1 fails - MX will detect this using DPD and start initiating IPSEC tunnel over WAN2. Azure VPN gateway should accept the request as the second tunnel was pre-configured. Hope that makes sense.
... View more
May 26 2022
11:19 PM
Hi Team, Can you please help me to understand whether or not this topology would work? The idea is configure 2x seperate IPSEC VPN tunnels on Azure VPN gateway (each would have a relevant destination VIP per ISP) and have only one Tunnel configured on the MX-250 with destination IP being VPN gateway public IP. What I don't understand in case of WAN1 (ISP1) failure - direct or indirect, would the tunnel automatically re-build with WAN2 source IP or not?
... View more
