Both MX hub sites trying to talk on UDP 4314 & 4191 - Can't work out why

BazMonkey
Getting noticed


We have two of our SD-WAN Hub MX's VRRP IPs trying to establish comms to a public IP owned by Vodafone in New Zealand. We do have some sites using Vodafone NZ internet links but I've checked all our spoke public IPs and don't get a match.

Nothing in the Meraki doco suggesting 4314 & 4191 might be used in normal operations.

The source IPs are the VRRP addresses of both MX HA pairs.

Any ideas what it might be doing?

2 REPLIES
Bruce
Kind of a big deal

Meraki Auto VPN uses random UDP ports for connectivity between sites, it could be that Auto VPN trying to establish connectivity. However, Auto VPN should only try connecting to other MX/Z devices in your organisation. The ports and IP addresses are all contained within the VPN registry, but you’ll need to log a support case to have them look at that for you.

Is it possible it’s just an internal application being NATed out as it’s meant to? You would need to capture Syslog of the flows through the MX and see if you can find the relevant flow.

It's in passthrough mode so no NAT going on here.
It only happened for about 15 minutes from our FW logs and it's not doing it again.

Was a bit strange. I'll monitor it. Seems to sit outside the AutoVPN ports.
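
One way to run the syslog check suggested in the replies, as an added example that is not part of the thread: it filters flow records for UDP 4314 and 4191 and groups them by source, destination and port, with the time window each one covers. The line layout (epoch timestamp, device name, `flows`, then key=value fields) is an assumption about the MX flow syslog, and the device names and addresses are constructed.

```python
import re
from collections import defaultdict

# Ports from the thread; everything else below is constructed for illustration.
PORTS_OF_INTEREST = {4314, 4191}
# Assumed line layout: "<epoch> <device> flows key=value ... pattern: <rule>"
KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines (documentation address ranges, hypothetical device names).
SAMPLE_LOG = """\
1700000000.10 hub-mx-a flows src=192.0.2.10 dst=203.0.113.77 protocol=udp sport=51000 dport=4314 pattern: allow all
1700000030.20 hub-mx-a flows src=192.0.2.10 dst=203.0.113.77 protocol=udp sport=51000 dport=4191 pattern: allow all
1700000100.00 hub-mx-b flows src=198.51.100.20 dst=203.0.113.77 protocol=udp sport=52000 dport=4314 pattern: allow all
1700000200.00 hub-mx-a flows src=192.0.2.10 dst=198.51.100.99 protocol=udp sport=40000 dport=53 pattern: allow all
1700000300.00 hub-mx-a flows src=192.0.2.10 dst=203.0.113.77 protocol=tcp sport=40001 dport=4314 pattern: allow all
1700000900.50 hub-mx-a flows src=192.0.2.10 dst=203.0.113.77 protocol=udp sport=51000 dport=4314 pattern: allow all
this line is malformed and must be skipped
"""

def find_flows(log_text, ports=PORTS_OF_INTEREST, protocol="udp"):
    """Group matching flow records by (src, dst, dport) with count and time window."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "sports": set()})
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[2] != "flows":
            continue  # not a flow record
        try:
            ts = float(parts[0])
            f = dict(KV.findall(parts[3]))
            dport, sport = int(f["dport"]), int(f["sport"])
        except (ValueError, KeyError):
            continue  # missing or non-numeric field
        if f.get("protocol") != protocol or dport not in ports:
            continue
        h = hits[(f["src"], f["dst"], dport)]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["sports"].add(sport)
    return dict(hits)

if __name__ == "__main__":
    for (src, dst, dport), h in sorted(find_flows(SAMPLE_LOG).items()):
        print(f"{src} -> {dst} udp/{dport}: {h['count']} flows, "
              f"{h['last'] - h['first']:.0f}s window, sports={sorted(h['sports'])}")
```

The per-flow time window can be compared against the roughly 15 minutes seen in the firewall logs, and the `src` field shows which inside address, if any, the traffic came from.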
