Your VPN traffic won't be sent unencrypted. It'll be encapsulated within the IPsec tunnel. Setting encryption to optional has to do with how the user name/password is transmitted. Win10 does not support -Encryption Required for PAP or CHAP. So it assumes that -Encryption Required is correct, and will eventually change your password protocol to EAP and MS-CHAPv2. Then you get tickets about "broken" VPN connections. When you created the account with PowerShell using -Encryption Required, you should have seen an error like this:

Add-VpnConnection -name Testbob -ServerAddress testbob.com -TunnelType L2tp -EncryptionLevel Required -L2tpPsk testbob -AuthenticationMethod pap
Add-VpnConnection : The current encryption selection requires EAP or MS-CHAPv2 logon security methods. PAP and CHAP
do not support Encryption settings 'Required' or 'Maximum'. : The parameter is incorrect.
At line:1 char:1
+ Add-VpnConnection -name Testbob -ServerAddress testbob.com -TunnelTyp ...
+ CategoryInfo : InvalidArgument: (AuthenticationMethod:root/Microsoft/...S_VpnConnection) [Add-VpnConnec
+ FullyQualifiedErrorId : WIN32 87,Add-VpnConnection
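Added example, not part of the original post: a PowerShell check that flags VPN profiles combining PAP or CHAP with an encryption level of Required or Maximum, the pairing the error above rejects. The function name and the sample profiles are constructed for illustration; the property names follow the objects returned by Get-VpnConnection.

```powershell
# Added example: flag VPN profiles whose logon method and encryption level
# cannot coexist (PAP or CHAP together with Required or Maximum).
function Find-VpnEncryptionMismatch {
    param([Parameter(Mandatory)][object[]]$Connection)
    foreach ($c in $Connection) {
        # AuthenticationMethod can hold several values; keep only PAP and CHAP.
        $plainAuth = @($c.AuthenticationMethod) | Where-Object { $_ -in 'Pap', 'Chap' }
        if ($plainAuth -and $c.EncryptionLevel -in 'Required', 'Maximum') {
            [pscustomobject]@{
                Name            = $c.Name
                Authentication  = ($plainAuth -join ',')
                EncryptionLevel = $c.EncryptionLevel
                Finding         = 'PAP/CHAP does not support this level; set Optional'
            }
        }
    }
}

# Constructed sample profiles so the check runs without any VPN configured.
$sample = @(
    [pscustomobject]@{ Name = 'Testbob';     AuthenticationMethod = @('Pap');      EncryptionLevel = 'Required' }
    [pscustomobject]@{ Name = 'Testbob-opt'; AuthenticationMethod = @('Pap');      EncryptionLevel = 'Optional' }
    [pscustomobject]@{ Name = 'Testbob-eap'; AuthenticationMethod = @('MsChapv2'); EncryptionLevel = 'Required' }
)
# Only 'Testbob' is reported; the other two combinations are accepted.
Find-VpnEncryptionMismatch -Connection $sample | Format-Table -AutoSize

# On a Windows client, run the same check over per-user and all-user profiles.
if (Get-Command Get-VpnConnection -ErrorAction SilentlyContinue) {
    $live = @(Get-VpnConnection) + @(Get-VpnConnection -AllUserConnection)
    if ($live) { Find-VpnEncryptionMismatch -Connection $live }
    # To correct a flagged profile (review before running):
    # Set-VpnConnection -Name '<profile name>' -AuthenticationMethod Pap -EncryptionLevel Optional -Force
}
```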
Hey @ZDonaldson, Thank you for your valuable feedback and I'm sorry to hear you are not very happy with the lack of some functionality. Meraki tends to be a very customer-centric company and that's why we normally try and encourage people to make the requests via the Make a Wish button. These actually get read and prioritised based on the number of people that are requesting them. I know finding a feature you deem basic missing can be very frustrating, but we have various types of different industries using our products and also a number of people that are not technical but still have to manage a network; some customers are not really interested at all in going "in depth" on who is doing what in their network and what we see as crucial is different for them. On a personal level, being a bit of a security control freak, I tend to agree with you and say that seeing who's being blocked is quite crucial to ensure the appropriate conversations are had with the abusing people. I perceive we have made some progress in this regard with the Security centre, which gives details on what is going on when there are security breaches and malware issues. This feature could be expanded to cover firewall rules as well, but the only way to get this on the radar is to flag a need for it. I think the best way to interact with Meraki is not to get frustrated, but to make your voice heard as we definitely listen 🙂 Thanks! Giacomo
Hi, You need to allow traffic between your subnet and the Microsoft cloud and the link provided by @AjitKumar has all the details you may need to configure rules on the MX. You can find a full list of Office 365 and SfB addresses and ports here: https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US