Hello All,
I tried to SSH into a few machines over the Client VPN today, all of them have timed-out. It was working earlier this week and no firewall changes between now and then. Any ideas?
Shawn
Solved! Go to solution.
I'd take a closer look at my logs and possibly start a Trace for these kind of connections.
Hi @soundman353
@As @CptnCrnch says try running a packet capture on the MX100 outbound interface. Run the output through Wireshark and it should give you a good idea of what’s going on.
I did Wireshark run on the Client VPN, MX LAN and the Core Switch. I see the traffic on the Client VPN capture but no where else. Every request is answered with a retransmit from the all of the devices I am trying to SSH.
Strictly speaking, you connections are getting back a Reset / RST. Sounds like there is no service listening...
Is this a trace on the client or where did you capture?
I can SSH to the any of the end points from within the LAN, so there is services listening.
It was the on the MX Client VPN via the Meraki dashboard.
Anything else between clientband SSH server? Your trace clearly shows that connection resets are being returned, so there has to be some device that does this. Normally some kind of firewall.
Without further knowledge about the setup, we can only guess...
The only firewall (other than hosts firewalls) is the Meraki MX100. I will power cycle the unit tonight and see if that clears everything.
The reboot fixed the issue.
If a reboot fixed it - then there is a software issue on the MX.
I'd be looking at doing a firmware upgrade.
It is at the highest stable firmware.
You can either be patient and wait for the next release, or try the stable release candidate ...
Since it's happening again, I think I will try the stable release.
I applied the Stable Release candidate firmware, and the problem seems to be solve.