Inbound Firewall settings for VPN to 3rd party

lpopejoy
A model citizen

I need all users to have access to a 3rd party subnet. However, I do not want any of the remote subnet to have access to us.

We are behind an MX84, remote is an AWS VPN which we have no control over.

There is a site-to-site inbound firewall, but it doesn't appear to work. Just wondering if anyone else has run into this and how it was solved.
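The policy asked for in this post is an asymmetric, stateful one: local hosts may open connections toward the third-party subnet, and only reply traffic for those flows may come back; nothing initiated from the remote side is accepted. The following model of that policy is an added illustration, not code from Meraki or from anyone in this thread. The subnets, the packet format and the sample packets are all constructed assumptions; it shows what a working inbound rule (or a compensating control on a downstream device) has to enforce, and how a connection-tracking table distinguishes a reply from a remote-initiated connection.

```python
"""Stateful VPN policy model: allow local-initiated flows to the remote
subnet, allow their replies, deny anything the remote side initiates.
Added example with constructed values, not Meraki MX code."""
import ipaddress
from dataclasses import dataclass

LOCAL_LAN = ipaddress.ip_network("10.10.0.0/16")    # assumed local subnet behind the MX
REMOTE_VPN = ipaddress.ip_network("172.31.0.0/16")  # assumed third-party (AWS-side) subnet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    new_flow: bool = True  # True for the first packet of a flow (e.g. a TCP SYN)


class StatefulFilter:
    """Connection-tracking filter implementing the asymmetric policy."""

    def __init__(self):
        # 5-tuples of flows that were permitted in the forward direction
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto)

        # Reply to a flow we already allowed: permitted regardless of direction.
        if reverse in self.flows:
            return "allow"
        # Further packets of an already-permitted forward flow.
        if key in self.flows:
            return "allow"
        # New flows are only accepted from the local LAN toward the remote subnet.
        if pkt.new_flow and src in LOCAL_LAN and dst in REMOTE_VPN:
            self.flows.add(key)
            return "allow"
        # Everything else, including anything the remote side initiates, is dropped.
        return "deny"


def run_sample() -> list:
    """Feed constructed packets through the filter and return the decisions."""
    f = StatefulFilter()
    packets = [
        # local user opens HTTPS to a remote host -> allowed, flow recorded
        Packet("10.10.5.20", "172.31.8.9", 51000, 443),
        # remote host replies on that flow -> allowed as a reply
        Packet("172.31.8.9", "10.10.5.20", 443, 51000, new_flow=False),
        # remote host tries to open SSH to a local host -> denied
        Packet("172.31.8.9", "10.10.5.20", 40000, 22),
        # remote host sends a mid-stream packet with no matching state -> denied
        Packet("172.31.8.9", "10.10.5.20", 40000, 22, new_flow=False),
    ]
    return [f.decide(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The third and fourth packets are exactly the traffic the poster wants stopped; the second shows why a plain "deny remote subnet to local subnet" rule without state tracking would also break legitimate replies, which is why the policy has to be stateful wherever it ends up being enforced.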

Nash
Kind of a big deal

Hello!

As you have noticed, yes. The inbound firewall does not work. Meraki is aware as per this document, but the GUI element remains on the website.

On my linked document, I'd read the "Considerations for VPN Firewall Rules" section.

jdsilva
Kind of a big deal

Yeh... So this has been a thing for as long as I've been working with Meraki, about 2.5 years.

[screenshot of the linked documentation]

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-site_VPN_Firewall_Rule_Behavior

There's also another section down lower that reads:

[screenshot of the linked documentation]

So I think you're out of luck here 😞

lpopejoy
A model citizen

Thanks @jdsilva. It seems really strange that they leave dysfunctional GUI elements in the page.

I understand that VPN traffic should be stopped closer to the source - my preference as well. Just not an option in this case.

It does say that this error will be resolved in a future dashboard update - does that mean this functionality will begin working at some point?

Anyone inside Meraki know when this bug is slated to be resolved?

Nash
Kind of a big deal

Based off the VPN considerations section - I wouldn't hold my breath about getting inbound rules. It explicitly states that the Meraki MX can't block inbound traffic initiated by non-Meraki peers. Not currently cannot - can't.

My guess is that the "error" to be resolved is the existence of the inbound firewall rules section.
