Meraki

Community

Block port 50001 across MX Auto-VPN?

Solved
PeterJames
Head in the Cloud
‎Apr 23 2019 3:13 AM
‎Apr 23 2019 3:13 AM

Block port 50001 across MX Auto-VPN?

Hi,

 

Can anyone advise the easiest way to block port (50001) traffic across our sites.

 

MX Range with Auto-VPN.

 

Thank you,
Peter James

0 Kudos
1 Accepted Solution
charles07
Getting noticed
‎Apr 23 2019 3:47 AM
‎Apr 23 2019 3:47 AM

Just create a VPN firewall rule;

  1. Security & SD-WAN > Configure > Site-to-site VPN
  2. Under "Organization-wide settings"
  3. Add a "Site-to-site outbound firewall" rule
  4. Policy: Deny
    Protocol: Select UDP or TCP
    Source: any
    Src port: any
    Destination: any
    Dst port: 50001

 

Do the same for "Site-to-site inbound firewall" rule too.

 

View solution in original post

3 Replies 3
ww
Kind of a big deal
Kind of a big deal
‎Apr 23 2019 3:31 AM
‎Apr 23 2019 3:31 AM

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

0 Kudos
charles07
Getting noticed
‎Apr 23 2019 3:47 AM
‎Apr 23 2019 3:47 AM

Just create a VPN firewall rule;

  1. Security & SD-WAN > Configure > Site-to-site VPN
  2. Under "Organization-wide settings"
  3. Add a "Site-to-site outbound firewall" rule
  4. Policy: Deny
    Protocol: Select UDP or TCP
    Source: any
    Src port: any
    Destination: any
    Dst port: 50001

 

Do the same for "Site-to-site inbound firewall" rule too.

 

In response to charles07
ww
Kind of a big deal
Kind of a big deal
‎Apr 23 2019 3:55 AM
‎Apr 23 2019 3:55 AM

inbound does not work, see previous link.

 

@charles07 wrote

 

Do the same for "Site-to-site inbound firewall" rule too.

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.