Meraki

Community

ASA to MX Issues

EHUG138
Just browsing
‎Apr 24 2024 1:08 PM
‎Apr 24 2024 1:08 PM

ASA to MX Issues

Hello, 

Moving from a ASA to MX device, I am having a few issues. Primary issue is that I can not connect to devices on VLAN6. 

We have VLAN 1(internal) and VLAN 6(production). I need a server on VLAN 1 to access devices on VLAN 6. 

The firewall rules are: 

Allow Protocol ANY Source ServerIP Dst Port ANY Destination VLAN6 ANY

Deny Protocol ANY Source VLAN 6 Scr Port ANY Destination ANY Dst Port ANY

**there is a static route to have 192.168.0.0 traffic directed to a specific IP (device) on VLAN 6. 

There were also some NAT rules configured on the ASA that have not been added to the MX:

nat (VLAN6) 0 access-list no-nat-VLAN6
nat (VLAN6) 1 0.0.0.0 0.0.0.0

I understand I may be missing something simple here but please share your thoughts. 

Labels:
0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
‎Apr 24 2024 1:17 PM
‎Apr 24 2024 1:17 PM

It would be interesting for you to share all the details, such as topology, how the configurations are on the MX side, etc.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Prestont
Here to help
‎Apr 24 2024 1:32 PM
‎Apr 24 2024 1:32 PM

you might try to add a recursive flow on the MX. 

Allow Protocol ANY Source VLAN6 Dst Port ANY Destination ServerIP ANY

and see if it works.

li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.