Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Jamsession
Jamsession
Here to help
Member since Oct 4, 2023
Feb 29 2024
Community Record
7
Posts
0
Kudos
0
Solutions
Badges
Feb 8 2024
7:59 AM
One should be going in as we speak! My worry is all our servers are in azure and support may just point the finger at that configuration.
... View more
Feb 8 2024
7:34 AM
Good day everyone, I'm getting ready to switch my company from Global Protect on a Palo PA820 to Anyconnect off a MX95. Our peak client connections are about 250 devices only about 100 are over the VPN. We are running Cisco Secure Client 5.1.1.42, which to my knowledge is current. MX95 firmware: 18.107.2 To explain my issue I will be using these two subnets: VPN Clients 10.17.120.0/24 Servers: 10.16.130.0/24 | Azure based, S2S connection to the MX95. Split tunneling enable with the Server subnet included. When connected through the VPN I get some failures for RDP or share drives. I'm starting to think this is a windows issue after being on the Palo for so long. This is with hostnames and IPs I connect into the VPN then try to remote into servers and I might be able to get to: DC-server, SQL-server, etc, but not be able to connect to file-server. However, I can reach share drives that exist on the file-server. My only resolution for this is to disconnect and reconnect. Additionally, I have seen this issue in the reverse. I can RDP to file-server but not connect to share drives. Another example is not being able to connect to DC-server, but I can ping and reply. The Palo is still online and still in use by some uses as this isn't a mandated change at this point. My only thought is windows is confused. As I type this, issues seem to become less and less, but any thoughts or theories would be much appreciated!
... View more
Labels:
- Labels:
-
Azure
-
Client VPN
-
Firewall
Nov 8 2023
11:10 AM
Edit: It seems to be working successfully. I was missing a subnet in one side. Thank you again. Thanks Phil, I’ll double check my subnets. The whole purpose of this is to give on org access to a printer in the other, that’s it. Which I wish was a joke LOL. It doesn’t yet merit someone with my minimal experience pulling the rug out…yet. One thing I failed to mention is Org 2 is not on prem. All those users are going through client vpn. I did saw you touch in that topic in another thread regarding Client VPN routing through non meraki vpn. Though the answers on that question seemed to vary.
... View more
Nov 8 2023
9:21 AM
I hope it’s okay to piggy back off this question, but I have a similar situation. We have two separate meraki ORGs with a VPN connection to azure. However, we are trying to to get traffic to travel end to end through azure. Is this possible? I have site to site connections up and running successfully, but can’t seem to make the jump to the opposing ORG. I’m thinking I need a 1:1 NAT, I’m missing a subnet, or it’s just not doable.
... View more
Oct 4 2023
11:31 AM
That was it! Your file plus editing as a admin. Thank you sir!
... View more
Oct 4 2023
10:28 AM
EDIT RESOLVED!!!!- boy do i feel dumb. I wasn't making my changes as a administrator. I have no problems using Profile.xml as the profile, but still don't seem to get a ready connection on a profile that has yet to use anyconnect for the first time. It's weird because I have been scouring looking for info and what is provided is generally what I have / had done. @alemabrahao I used your exact profile format posted above thinking maybe its my file, but still the same result.
... View more
Oct 4 2023
10:04 AM
Hello, I'm trying to understand the solution here. I am currently having a similar issue. I have my xml profile packaged in win32 and deployed through intune to: C:\programdata\cisco\cisco secure client\VPN\Profile But even with the profile present the connect option does not appear. My profile name is: Profileconfig.xml Which is also uploaded to meraki for the profile update. It works if I input the host myself, but is blank before that. Here is my xml: <?xml version="1.0" encoding="UTF-8"?> <AnyConnectPreferences> <DefaultUser></DefaultUser> <DefaultSecondUser></DefaultSecondUser> <ClientCertificateThumbprint></ClientCertificateThumbprint> <MultipleClientCertificateThumbprints></MultipleClientCertificateThumbprints> <ServerCertificateThumbprint></ServerCertificateThumbprint> <DefaultHostName>myhostname</DefaultHostName> <DefaultHostAddress>myaddress</DefaultHostAddress> <DefaultGroup></DefaultGroup> <ProxyHost></ProxyHost> <ProxyPort></ProxyPort> <SDITokenType>none</SDITokenType> <ControllablePreferences></ControllablePreferences> </AnyConnectPreferences>
... View more
© 2024 Cisco Systems, Inc.
