Meraki

Community

External Port forward to VLAN on MX68

Solved
Memonic
Here to help
‎Sep 29 2020 11:01 AM
‎Sep 29 2020 11:01 AM

External Port forward to VLAN on MX68

Hey Meraki Community,

I have some problems with external port forwarding to VLAN that seems not to be working.
I have a web server running on a VLAN 5, It’s on a ESXi 7server connected direct to a MX68, connected to the internet  with cabel ADSL and cell connection. The port is configured as a trunk, as is the ESXi, and the managed ESXi network is VLAN1.
My internal client is on VLAN 13 and has NAT to 1, 5 and internet.

Port forward to webserver:80 and 443
All traffic internal is working, but I can not see my web from outside. The packet capture does not give any hit.
Any suggestions?

 

0 Kudos
1 Accepted Solution
In response to KarstenI
Memonic
Here to help
‎Sep 30 2020 2:09 AM
‎Sep 30 2020 2:09 AM

Well… It turns out that my ISP provider did change some settings when the added the static IP address, that conflicted with my MX. The error was that the modem was replying to some requests, ICMP was one, so after some (many) hours of frustrations, I could count the MX out of the source of problem.

The bad thing is now the ISP are not sure why my modem in transparent mode isn’t transparent…

Thanks for your effort in helping, it gave me the fresh eyes I needed… Now I hope they can fix the modem…

View solution in original post

10 Replies 10
Memonic
Here to help
‎Sep 29 2020 11:17 AM
‎Sep 29 2020 11:17 AM

Ohh and I have a Z3 VPN connected and those clients can also see the web..

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 29 2020 11:29 AM
‎Sep 29 2020 11:29 AM

What do you mean with packet capture not showing any hint. Do you see the traffic entering the MX on the internet port?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Memonic
Here to help
‎Sep 29 2020 11:45 AM
‎Sep 29 2020 11:45 AM

Yes, but only for the VPN, seems the MX ignores 80 and 443 from external to the web-server ip.

0 Kudos
In response to Memonic
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 29 2020 12:21 PM
‎Sep 29 2020 12:21 PM

What kind of device do you have in front of the MX? Perhaps something is filtered there. Because TCP 80/443 for sure can be forwarded.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Memonic
Here to help
‎Sep 29 2020 12:35 PM
‎Sep 29 2020 12:35 PM

It's a Sagemcom fast 3890V3 modem in bridge mode.

0 Kudos
In response to Memonic
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 29 2020 12:51 PM
‎Sep 29 2020 12:51 PM

Is this a modem that you use with PPPoE? At least my MX with v15 behaves a little bit strange. The first capture on the internet port has to be done with the filter "pppoes and ip" to see any result. After that, the capture works normally.

 

Can you ping the MX interface (make sure it is enabled on the firewall page) and can you see that ping in the packet capture?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Memonic
Here to help
‎Sep 29 2020 2:13 PM
‎Sep 29 2020 2:13 PM

Yes it's a DSL modem.
Fun part is that the VPN connection is established without any delays, issues or anything, and both through the VPN or internal the access to the server is working fine.
My MX has just been updated to version MX 14.53, stated at the last one.
I’ll verify the ping later, but as I remember it reply on enabling but cant remember if it is in the capture

0 Kudos
In response to Memonic
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 29 2020 2:59 PM
‎Sep 29 2020 2:59 PM

Does your MX have a public IP address on its WAN interface?

In response to PhilipDAth
Memonic
Here to help
‎Sep 30 2020 2:13 AM
‎Sep 30 2020 2:13 AM

Yes it has one static for the WAN 1 and one dynamic for the cellular link

0 Kudos
In response to KarstenI
Memonic
Here to help
‎Sep 30 2020 2:09 AM
‎Sep 30 2020 2:09 AM

Well… It turns out that my ISP provider did change some settings when the added the static IP address, that conflicted with my MX. The error was that the modem was replying to some requests, ICMP was one, so after some (many) hours of frustrations, I could count the MX out of the source of problem.

The bad thing is now the ISP are not sure why my modem in transparent mode isn’t transparent…

Thanks for your effort in helping, it gave me the fresh eyes I needed… Now I hope they can fix the modem…

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.