I am trying to connect an iPad via a 3rd-party VPN app (GlobalProtect) to an external large enterprise and it appears to be blocked by the MX. Tried a variety of Layer 3 settings, forwarding, whitelisting, etc., and no luck. The only current firewall rule is the Layer 3 default rule (Any, Any, Any...).
Does anyone have ideas why this wouldn't work? The iPad will connect via GP on other wireless networks, and other VPN clients will connect on this network.
Have you verified that the MX is blocking the traffic? Have you taken packet captures on the LAN/WAN interface of the MX and can see that the traffic isn't passing through?
If not, I'd first get in touch with Meraki support who can help you troubleshoot in real-time to confirm if the MX is blocking the traffic.
On the packet capture, here are some samples...
xxx.xxx.xx. is the destination IP the VPN client is attempting to connect to...
xxx.xxx.xx.198.1935: Flags [SEW], seq 2856775745, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 489566124 ecr 0,sackOK,eol], length 0
xxx.xxx.xx.198.1935: Flags [.], ack 1, win 65535, options [nop,nop,TS val 489566145 ecr 1006200408], length 0
Next line is:
xxx.xxx.xx.198.1935: Flags [P.], seq 1:235, ack 1, win 65535, options [nop,nop,TS val 489566146 ecr 1006200408], length 234
xxx.xxx.xx.163.443: Flags [SEW], seq 969374625, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 489566268 ecr 0,sackOK,eol], length 0
Again, the VPN connects from the iPad without issue on other Wi-Fi networks. In theory, it could be the cable modem, but that has no firewall, DHCP, etc.