Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Badr-eddine
Badr-eddine
Getting noticed
Member since Feb 13, 2023
Friday
Community Record
54
Posts
50
Kudos
7
Solutions
Badges
a month ago
2 Kudos
I found the solution: it's a common issue with AnyConnect DTLS negotiation. You need to open UDP port 443 alongside TCP port 443 on the MX/vMX firewall.
... View more
Oct 10 2024
10:10 AM
Hello, by any chance, has anyone identified the root cause of the recurring instability at the beginning of the VPN session? Thanks.
... View more
Sep 23 2024
1:18 AM
Thank you for your reply. Unfortunately, this solution is not applicable in my situation, as the NAS is embedded within the internet router, which means it cannot be unplugged 😞
... View more
Sep 20 2024
2:26 AM
Hi, I’m looking for advice on an issue we're encountering after migrating one of our sites to Meraki SD-WAN. We have both an MPLS link and an Internet link at this network, and we can not have multiple VLANs on the WAN router. The internet router includes an embedded NAS that is currently only accessible by users on the local LAN. Our goal is to allow all networks and users across the organization, including remote users (VPN AnyConnect), to access this NAS. Has anyone had success with advertising the WAN subnet to the AutoVPN domain, or found an alternative solution? Thanks in advance for your help!
... View more
Labels:
- Labels:
-
Auto VPN
-
Client VPN
-
Other
Jul 25 2024
12:41 AM
2 Kudos
Hello, Other than the notes section, I think you can add a tag to the network indicating the providers. This can help you quickly identify which networks are using which providers and give you an overview
... View more
Jul 17 2024
6:37 AM
Hello @ww, Thank you for your reply. I am wondering if we lose Internet access, will the static routes to the MPLS network continue to function without any issues?
... View more
Jul 16 2024
2:31 AM
Hello, Thank you for your insights, However, is it possible to establish an Internet breakout using an existing MX HUB that already has Internet access and add a default gateway on the MPLS network specifically for Meraki management traffic?
... View more
Jul 15 2024
3:54 AM
Hi, Thank you for your response. Unfortunately, that’s not the case, and we can't ask for it at this time 😞
... View more
Jul 15 2024
3:22 AM
Hi Community, We are planning to migrate to the Meraki SD-WAN solution. Currently, our branches have both MPLS and Internet connections, with sites interconnected via the MPLS network. To ensure a smooth migration and a reliable rollback plan, we need to maintain connectivity between migrated branches and other sites using the MPLS network. We are considering two solutions: Use WAN1 for MPLS and WAN2 for Internet: Create a static route that directs internal traffic to the gateway of WAN1 for each migrated site. Use WAN1 for MPLS, WAN2 for Internet, and an additional port for MPLS: Create a static route that directs internal traffic to the gateway of the additional port for each migrated site. We would appreciate any insights or experiences from those who have successfully implemented a similar solution. Please note that we can implement one of these solutions on the HUBs, but we have limited bandwidth on the MPLS. Thank you !
... View more
Jul 2 2024
4:37 AM
Hello, Is there a new solution for this use case? Would integrating SAML with Meraki AnyConnect resolve the problem? Thanks.
... View more
Apr 24 2024
4:14 AM
Hello, I believe the best available approach for backup is to provision from the beginning your organizational infrastructure using Meraki Terraform provider. This approach ensures that you consistently maintain a clear picture of what's deployed under the Terraform state file. Consequently, if any manual changes occur, you can simply execute Terraform apply across your organization's setup to restore it effortlessly. Alternatively, you can opt for Meraki third-party tools to manage your backup needs. Please let me know if this addresses your concerns.
... View more
Apr 18 2024
1:32 AM
Hello, You can implement the solution you mentioned, which involves NATing the inside subnet 10.67.103.0/24 to the IP address 172.19.236.214. Ensure that PORT2 is configured as the WAN port, as by default, Meraki performs NAT for traffic going outside using the WAN interface. Please let me know if this resolves your issue.
... View more
Feb 8 2024
12:34 AM
2 Kudos
I didn't find a straightforward solution using Meraki MX since it lacks this feature.However, I previously managed this task with legacy Cisco ASA firewalls :). The workaround involves manually creating objects at the Meraki organization level for each CIDR and organizing them into object groups for each country or region, then setting up corresponding firewall rules. For instance, you can explore IP CIDR or range by country using resources like this example: https://github.com/herrbischoff/country-ip-blocks Another consideration for the most secure approach is to eliminate this attack surface altogether and replace direct access with VPN connectivity.
... View more
Feb 7 2024
3:26 AM
Unfortunately, the dashboard event log hasn't uncovered any significant details about this issue. Additionally, the device logs indicate that the printer is unable to connect to the server. Given recent changes in email policies by Google Workspace and Yahoo, I'll investigate the potential impact of these updates on the scan to mail service.
... View more
Feb 7 2024
3:14 AM
I removed all restrictions to see if there was any rule blocking the flow, but unfortunately, that didn't resolve the issue. I have doubts that it's related to a problem with the firmware version.
... View more
Feb 6 2024
9:46 AM
Hello community, Has anyone encountered an issue with scan to email not working when using a specific MX firmware? Do you have any recommended configurations for the MX or specific options that need to be set? I appreciate your help!
... View more
Jan 8 2024
8:56 AM
Hello, Could you try this solution, which might help you: https://developer.cisco.com/codeexchange/github/repo/baadrdeen/Meraki_vpn_hub_updater
... View more
Dec 8 2023
9:09 AM
2 Kudos
Hello, For your migration challenge, I propose two solutions without relying on third-party VPN peers: 1. Dynamic Routing Solution: - Implement OSPF or eBGP between the L3 device, old MX, and new MX at the hub. - Configure the L3 device to redistribute routes, ensuring both MXs are aware of each other's subnets. - As spokes are migrated, the new MX dynamically advertises updated subnets to the L3 device, maintaining seamless connectivity. 2. Static Routing Alternative: - Place the old and new MXs in the same VLAN for direct communication. - On the new MX, create a summary route pointing to the old MX to handle traffic for all spokes, adjusting the metric accordingly. - As spokes are migrated, add specific static routes on the old MX for corresponding subnets, directing traffic to the new MX. - Document routing changes thoroughly, communicate adjustments to the team, and regularly test connectivity during the migration. - Once all sites are migrated, remove the summary route and unnecessary static routes from the old MX to complete the transition. I think those solutions ensure a controlled and organized migration process without relying on external VPN peers. Feel free to ask if I overlook something!
... View more
Dec 6 2023
1:42 AM
3 Kudos
Hello, MX devices in Routed mode only support OSPF on firmware versions 13.4+, when using the "Single LAN" LAN setting. OSPF is otherwise supported when the MX is in passthrough mode on any available firmware version. This can be set under Security & SD-WAN > Configure > Addressing & VLANs. More details : https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets
... View more
Dec 5 2023
1:22 AM
2 Kudos
I completely agree with you. It would be highly beneficial to have a pre-production environment that replicates the production environment, allowing us to thoroughly test our configurations and pipelines.
... View more
Nov 24 2023
10:11 AM
Hello, Regarding your query, here's a breakdown: Option 1 is recommended If your priority is simplicity and your use case is straightforward, and it provides a more streamlined approach with fewer rules. Option 2 is recommended if you require more granular control over different subnets and ports or if your security policy necessitates distinct treatment for each combination. It allows for a more detailed and specific rule set tailored to specific scenarios. The optimal choice depends on the specific security policies and requirements of your network. Please let me know if this information addresses your question.
... View more
Nov 23 2023
12:45 AM
Hello, I believe you are seeking documentation on the creation of switch port profiles and the assignment of these profiles to specific switches: Switch port profile: https://developer.cisco.com/meraki/api/get-organization-config-template-switch-profiles/ Assignment of the profile: https://developer.cisco.com/meraki/api/update-device/ Please let me know if the information I provided aligns with what you are looking for.
... View more
Nov 21 2023
7:27 AM
2 Kudos
Hello, SD-WAN Policies : https://developer.cisco.com/meraki/api/get-network-appliance-traffic-shaping Threat Protection : I'm unsure if we have existing endpoints for threat protection
... View more
Nov 16 2023
2:19 AM
Could you please provide additional information regarding the deployed topology? How the AWS and the SRX are connected ?
... View more
My Accepted Solutions
| Subject | Views | Posted |
|---|---|---|
| 542 | Apr 18 2024 1:32 AM | |
| 665 | Dec 6 2023 1:42 AM | |
| 2001 | Nov 7 2023 12:53 AM | |
| 1425 | Oct 18 2023 1:28 AM | |
| 857 | Sep 22 2023 3:33 AM | |
| 2238 | Jul 15 2023 5:36 AM | |
| 993 | Jun 22 2023 2:38 AM |
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 7 | 6579 | |
| 4 | 1425 | |
| 3 | 665 | |
| 3 | 857 | |
| 3 | 4404 |
© 2024 Cisco Systems, Inc.
