Meraki

Community
  • About mpgioia

About mpgioia

Re: Non-Meraki VPN; proxy id's, .. how to specify NEAR subnets ?! <shrugs s...

by in Security & SD-WAN
‎Nov 27 2019 7:35 AM
‎Nov 27 2019 7:35 AM
I can do it.. No biggie. ... View more

Re: Non-Meraki VPN; proxy id's, .. how to specify NEAR subnets ?! <shrugs s...

by in Security & SD-WAN
‎Nov 27 2019 3:39 AM
‎Nov 27 2019 3:39 AM
Surely the two of you have raised this as 'make a wish' or whatever that feature is in the console/dashboard ? Or is there an 'ideation' area in the community for such a thing ? How do we get Meraki to inject this into its development cadence.  The merit is blindingly obvious to attack.. ... View more

Re: Non-Meraki VPN; proxy id's, .. how to specify NEAR subnets ?! <shrugs s...

by in Security & SD-WAN
‎Nov 25 2019 7:29 AM
1 Kudo
‎Nov 25 2019 7:29 AM
1 Kudo
I'm going to have to get the other side to add them in.. (very silly/limiting), and then i'll firewall out the traffic. .. This is commoditised IPSEC S-2-S capability.. amazed you can't have a NEAR/FAR specified set per peer.. You can have FAR per peer.. but not NEAR.. :facepalm ... View more

Non-Meraki VPN; proxy id's, .. how to specify NEAR subnets ?! <shrugs shoul...

by in Security & SD-WAN
‎Nov 25 2019 7:18 AM
‎Nov 25 2019 7:18 AM
I have a basic setup. 4 x Meraki MX's across 4 sites.  All talking to each other via Meraki S-2-S VPN. Under ../manage/configure/vpn_settings I have the networks propagated with the drop down of 'VPN participation' : 'On'... they are two wide /16 networks. One of those four Meraki sites.  has an additional peer to a Non-Meraki VPN implementation. I have three new routes (3 x more specific /24's in those greater /16 network's defined above) defined on the MX interfaces so I can also set the 'VPN participation' : 'On' for them too. Set up the peer as per normal.    Here's the kicker. The far end implementation is seeing Phase 1 pass no probs, and even Phase 2, but then complaining of propagated proxy id's.  It's seeing one of the wide /16 networks.  Half understandable.. because.. for some reason.. we can't specify NEAR subnets in the non-meraki VPN peer setup ? Only FAR subnets ? (via the 'private subnets' field) ?! Surely, there's a way to do this... ... View more

Re: Policy Based Routing on MS250 or MX250

by in Switching
‎Apr 12 2019 6:57 PM
1 Kudo
‎Apr 12 2019 6:57 PM
1 Kudo
Yeh wow.. ok.. Any roadmap to include PBF/source based routing that we know of ? ... View more

Re: Policy Based Routing on MS250 or MX250

by in Switching
‎Apr 12 2019 12:39 AM
‎Apr 12 2019 12:39 AM
What about if I have an MX with non-meraki / non-auto vpn peers.. can I policy based route destined to that vpn (instead of a default route 0.0.0.0/0, aka Internet route) ?   @PhilipDAth.. and specifically in this instance.. I don't want any SNAT to occur .. even though it's bound out a WAN interface.. but technically to a non-meraki VPN peer destination.   Will that work ? ... View more

Re: Block ICMP with MS ACL ?

by in Switching
‎Dec 3 2018 2:43 AM
‎Dec 3 2018 2:43 AM
Disappointing ~~ ... View more

Block ICMP with MS ACL ?

by in Switching
‎Dec 2 2018 8:15 PM
‎Dec 2 2018 8:15 PM
The ACL state-machine/architecture doesn't seem like it facilitates blocking on non L4 protocols, aka L3 protocol ICMP ? https://documentation.meraki.com/MS/Other_Topics/Switch_ACL_Operation I can't block ICMP with this MS ACL engine ? ... View more
© 2025 Cisco Systems, Inc.