Client VPN Firewall Ports

Solved
rafaelertel

Hey All,

I won't feel bad if you flame me with an RTFM, but does anyone know offhand which ports one would have to open on a firewall sitting in front of a Hub MX to let Meraki ClientVPN traffic (L2TP/IPsec) through to said Hub?

UDP 500, UDP 4500, ESP 50, AH 51...? Anything else, or not one of these?

Thanks,

rif

1 Accepted Solution
DarrenOC

TShoot doc

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Resolving_NetBIOS_names_ov...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

DarrenOC

UDP 500 and 4500

Thanks man, now I'll RTFM 😉

rif

🤣😂 no worries @rafaelertel. Enjoy, it’s an excellent read

Darren OConnor | doconnor@resalire.co.uk

Today I had the same issue.

Port forwarding UDP 500 and UDP 4500 to the inside LAN address of the hub will do.

Advice: test your Client VPN with an iPad or iPhone. This worked for me, immediately.

With the Apple clients you will see UDP 500 and UDP 4500 is okay.

MS Windows has had problems with NAT-T (NAT Traversal) for ages.
