What is the correct CLI command to enable Meraki AP Cloud access?

rmiller
Level 1

Meraki suggests the following access to allow communication between the AP and the cloud. What is the correct syntax to put these rules in place on a Cisco ASA 5520 using CLI?

[Screenshot: Firewall info - Meraki Dashboard (list of cloud destinations and ports the APs need)]


alessandro.s
Level 1

Hi rmiller,

Prerequisites for the following CLI commands:

- the ASA software version is 8.3 or later;

- NAT to allow Internet access for the AP subnet is already configured;

- an ACL is already applied to the firewall interface facing the AP subnet LAN, and you know its name.


So first we define the network objects and the object group that will be part of your ACL:

object network Meraki_Cloud_Subnet1
 subnet 108.161.147.0 255.255.255.0
object network Meraki_Cloud_Subnet2
 subnet 199.231.78.0 255.255.255.0
object network Meraki_Cloud_Subnet3
 subnet 17.0.0.0 255.0.0.0
object network Meraki_Cloud_Host1
 host 64.156.192.245
object network Meraki_Cloud_Host2
 host 64.62.142.12
object-group network Meraki_Cloud
 network-object object Meraki_Cloud_Subnet1
 network-object object Meraki_Cloud_Subnet2
 network-object object Meraki_Cloud_Host1
 network-object object Meraki_Cloud_Host2

Then we define service object groups:

object-group service Meraki_udp udp
 port-object eq 1812
 port-object eq 7351
 port-object eq 9350
object-group service Meraki_tcp1 tcp
 port-object eq 993
 port-object eq 7734
 port-object eq 7752
 port-object range 60000 61000
object-group service Meraki_tcp2 tcp
 port-object eq 5223
 port-object range 2195 2196
object-group service Meraki_tcp3 tcp
 port-object eq 80
 port-object eq 443
 port-object range 5228 5230


And finally we'll write the ACL:

access-list [ACL NAME] remark VPN registry and Meraki cloud communication, 802.1X with Meraki RADIUS
access-list [ACL NAME] extended permit udp [AP-SUBNET] [AP-MASK] object-group Meraki_Cloud object-group Meraki_udp
access-list [ACL NAME] remark Backup config downloads, backup firmware downloads, throughput test tool and RDP
access-list [ACL NAME] extended permit tcp [AP-SUBNET] [AP-MASK] object-group Meraki_Cloud object-group Meraki_tcp1
access-list [ACL NAME] remark iOS Systems Manager communication
access-list [ACL NAME] extended permit tcp [AP-SUBNET] [AP-MASK] object Meraki_Cloud_Subnet3 object-group Meraki_tcp2
access-list [ACL NAME] remark Systems Manager agent communication, Android Systems Manager communication
access-list [ACL NAME] extended permit tcp [AP-SUBNET] [AP-MASK] any object-group Meraki_tcp3


Just replace [ACL NAME] with the name of the ACL applied to the interface facing the AP LAN, and [AP-SUBNET] [AP-MASK] with the access points' subnet and mask.

Hope this helps,

Regards
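Added example (not part of the reply above, and not Cisco or Meraki tooling): a small Python model of the objects, service groups and four permit entries from the reply. It does two things a practitioner wants before pasting the config into an ASA: it renders the ASA 8.3+ syntax with the details that are easy to get wrong (`network-object object` takes the object name, `port-object range` takes two space-separated ports), and it answers "which ACE permits this flow?" with first-match semantics and the implicit deny at the end, the way `packet-tracer` would on the box. The AP subnet 10.10.20.0/24 and the ACL name AP_IN are assumed placeholders; the addresses and ports are the ones the reply lists.

```python
import ipaddress
from dataclasses import dataclass

# Assumed placeholders (not in the original post): the AP subnet and ACL name.
AP_SUBNET = ipaddress.ip_network("10.10.20.0/24")
ACL_NAME = "AP_IN"

# Network objects from the reply, keyed by object name.
NET_OBJECTS = {
    "Meraki_Cloud_Subnet1": ipaddress.ip_network("108.161.147.0/24"),
    "Meraki_Cloud_Subnet2": ipaddress.ip_network("199.231.78.0/24"),
    "Meraki_Cloud_Subnet3": ipaddress.ip_network("17.0.0.0/8"),
    "Meraki_Cloud_Host1": ipaddress.ip_network("64.156.192.245/32"),
    "Meraki_Cloud_Host2": ipaddress.ip_network("64.62.142.12/32"),
}
# object-group network. Note that Subnet3 (17.0.0.0/8) is NOT a member;
# it is only referenced directly by the third ACE.
NET_GROUPS = {
    "Meraki_Cloud": ["Meraki_Cloud_Subnet1", "Meraki_Cloud_Subnet2",
                     "Meraki_Cloud_Host1", "Meraki_Cloud_Host2"],
}
# object-group service: protocol plus (low, high) port ranges.
SVC_GROUPS = {
    "Meraki_udp":  ("udp", [(1812, 1812), (7351, 7351), (9350, 9350)]),
    "Meraki_tcp1": ("tcp", [(993, 993), (7734, 7734), (7752, 7752), (60000, 61000)]),
    "Meraki_tcp2": ("tcp", [(5223, 5223), (2195, 2196)]),
    "Meraki_tcp3": ("tcp", [(80, 80), (443, 443), (5228, 5230)]),
}


@dataclass(frozen=True)
class Ace:
    proto: str   # "tcp" or "udp"
    dst: str     # network object name, object-group name, or "any"
    svc: str     # service object-group name


# The four permit entries of the reply, in order; source is always the AP subnet.
ACL = [
    Ace("udp", "Meraki_Cloud", "Meraki_udp"),
    Ace("tcp", "Meraki_Cloud", "Meraki_tcp1"),
    Ace("tcp", "Meraki_Cloud_Subnet3", "Meraki_tcp2"),
    Ace("tcp", "any", "Meraki_tcp3"),
]


def render_config():
    """Emit the ASA 8.3+ CLI lines for the objects, groups and ACL above."""
    lines = []
    for name, net in NET_OBJECTS.items():
        lines.append(f"object network {name}")
        if net.prefixlen == 32:
            lines.append(f" host {net.network_address}")
        else:
            lines.append(f" subnet {net.network_address} {net.netmask}")
    for name, members in NET_GROUPS.items():
        lines.append(f"object-group network {name}")
        # 'network-object object' takes the OBJECT NAME, not the address.
        lines += [f" network-object object {m}" for m in members]
    for name, (proto, ranges) in SVC_GROUPS.items():
        lines.append(f"object-group service {name} {proto}")
        for lo, hi in ranges:
            # ASA syntax is 'range LOW HIGH' with a space, not 'LOW-HIGH'.
            lines.append(f" port-object eq {lo}" if lo == hi
                         else f" port-object range {lo} {hi}")
    src = f"{AP_SUBNET.network_address} {AP_SUBNET.netmask}"
    for ace in ACL:
        if ace.dst == "any":
            dst = "any"
        elif ace.dst in NET_GROUPS:
            dst = f"object-group {ace.dst}"
        else:
            dst = f"object {ace.dst}"
        lines.append(f"access-list {ACL_NAME} extended permit {ace.proto} "
                     f"{src} {dst} object-group {ace.svc}")
    return lines


def _dst_networks(name):
    if name == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if name in NET_GROUPS:
        return [NET_OBJECTS[m] for m in NET_GROUPS[name]]
    return [NET_OBJECTS[name]]


def matching_ace(proto, src, dst, dport):
    """Index of the first ACE that permits the flow, or None, which is the
    ASA's implicit deny at the end of the ACL."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in AP_SUBNET:
        return None
    for i, ace in enumerate(ACL):
        svc_proto, ranges = SVC_GROUPS[ace.svc]
        if ace.proto != proto or svc_proto != proto:
            continue
        if not any(dst in n for n in _dst_networks(ace.dst)):
            continue
        if any(lo <= dport <= hi for lo, hi in ranges):
            return i
    return None


if __name__ == "__main__":
    print("\n".join(render_config()))
    # Constructed sample flows: RADIUS-over-UDP to a cloud host, APNs to 17/8,
    # and a UDP probe to 17/8 that no ACE covers (implicit deny).
    for flow in [("udp", "10.10.20.5", "64.62.142.12", 7351),
                 ("tcp", "10.10.20.5", "17.1.2.3", 2196),
                 ("udp", "10.10.20.5", "17.1.2.3", 7351)]:
        print(flow, "-> ACE", matching_ace(*flow))
```

Two things the model makes visible that the raw config does not: the 17.0.0.0/8 block is reachable only on the Meraki_tcp2 ports (it is not in the Meraki_Cloud group, so UDP 7351 to it is dropped), and the last ACE opens TCP 80, 443 and 5228-5230 from the AP subnet to any destination, which is much broader than the other three entries and worth knowing before you apply it.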
