Inbound SSL Port forwarding to allow POST requests to URL - Anyone have experience with this?

ktv-meraki
Here to help

Hello!

We have a vendor that needs to come into our network to reach a LAN device on port 52115 and they requested to use an inbound SSL connection. The concept I put together is to create a public DNS A record to one of our internet ports on our MX. I secured an SSL cert from Digicert and installed it on the LAN server. Then, I created a port forward rule using the uplink WAN address used in the DNS record, TCP as the protocol, the public port as 52115 to our internal LAN IP and port 52115. I also included the Allowed remote IPs in the port forward rule too. The vendor has tested and is getting timeouts. They are essentially typing in https://DNS_NAME.mydomain.com:52115 when they program a POST request to URL.

 

Does anyone have any experience with these types of configurations?

 

Thank you so much.

RWelch
Kind of a big deal

Port Forwarding and NAT Rules on the MX 

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
RWelch
Kind of a big deal

By chance, does the internal LAN device have any firewall enabled or configured?

ktv-meraki
Here to help

I believe it has firewall capabilities.  It is a banking platform and any time we have a request for vendor access, we need to contact the banking provider to open the port for us.  

RWelch
Kind of a big deal

That may very well be the reason there is NO response from that device (possibly). Might be good to check with whoever controls that device and its firewall settings.

RaphaelL
Kind of a big deal

If DNS_NAME.mydomain.com resolves to the public/WAN IP of the MX and the port forwarding is configured on the correct interface with the correct LAN info, that should work.

 

Do you have L7 rules that could block the return traffic?

If you remove the allowed IPs in your port forwarding rule, can you test it with a simple online tool (a.k.a. ismyportOpen?)

ktv-meraki
Here to help

Good question, I am looking now and I don't think I have any L7 rules that would prevent them.  Thanks for suggesting the online tool.  I am going to test that now.  

Mloraditch
Head in the Cloud

Have you tested to make sure the access works internally? I.e. can you reach internalip:52115? And do they have the correct default gateway set on their device?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
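An added diagnostic example, not code from any poster in this thread: it splits the vendor's "timeout" into the stages the replies above ask about (DNS, TCP through the port forward, TLS on the LAN server) and reports the first one that fails. The stage labels and hint texts are this example's own; the default host is the placeholder from the original post, and the probe should be run from one of the allowed remote IPs.

```python
import socket
import ssl
import sys

# What each result suggests for the setup in this thread (labels are this example's own).
HINTS = {
    "dns": "name does not resolve; check the public A record",
    "tcp_timeout": "no reply at all; check allowed remote IPs, the device firewall, its default gateway",
    "tcp_refused": "a host was reached but nothing is listening on that port",
    "tcp_error": "other network error before the connection was established",
    "tls_timeout": "TCP connects but no TLS reply; is the service speaking TLS on this port?",
    "tls_cert": "TLS answers but the certificate does not validate for this name",
    "tls_error": "TLS handshake failed (protocol mismatch or connection reset)",
    "ok": "TCP and TLS both succeed; a failing POST is now an application issue",
}

def probe(host, port, timeout=5.0):
    """Return (stage, detail) for the first stage that fails, or ("ok", tls_version)."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror as exc:
        return "dns", str(exc)
    try:
        sock = socket.create_connection(addr[:2], timeout=timeout)
    except socket.timeout:
        return "tcp_timeout", addr[0]
    except ConnectionRefusedError:
        return "tcp_refused", addr[0]
    except OSError as exc:
        return "tcp_error", str(exc)
    try:
        ctx = ssl.create_default_context()  # verifies the chain and the hostname
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "tls_cert", exc.verify_message
    except socket.timeout:
        return "tls_timeout", addr[0]
    except OSError as exc:  # ssl.SSLError and connection resets
        return "tls_error", str(exc)
    finally:
        sock.close()

if __name__ == "__main__":
    # Placeholder name from the post; pass the real host and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "DNS_NAME.mydomain.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 52115
    stage, detail = probe(host, port)
    print(f"{stage}: {detail} -> {HINTS[stage]}")
```

Running the same probe against the internal IP from inside the LAN separates a problem on the device itself from a problem on the path through the MX.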