MX100 Client VPN Now Blocking SSH

Here to help

MX100 Client VPN Now Blocking SSH

Hello All,

I tried to SSH into a few machines over the Client VPN today, all of them have timed-out. It was working earlier this week and no firewall changes between now and then. Any ideas?


1 Accepted Solution

The reboot fixed the issue.

View solution in original post

13 Replies 13
Kind of a big deal
Kind of a big deal

I'd take a closer look at my logs and possibly start a Trace for these kind of connections.

Kind of a big deal
Kind of a big deal

Hi @soundman353 


@As @CptnCrnch says try running a packet capture on the MX100 outbound interface. Run the output through Wireshark and it should give you a good idea of what’s going on.

Darren OConnor |

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

I did Wireshark run on the Client VPN, MX LAN and the Core Switch. I see the traffic on the Client VPN capture but no where else. Every request is answered with a retransmit from the all of the devices I am trying to SSH.



Strictly speaking, you connections are getting back a Reset / RST. Sounds like there is no service listening...


Is this a trace on the client or where did you capture?

I can SSH to the any of the end points from within the LAN, so there is services listening.


It was the on the MX Client VPN via the Meraki dashboard.

Anything else between clientband SSH server? Your trace clearly shows that connection resets are being returned, so there has to be some device that does this. Normally some kind of firewall.


Without further knowledge about the setup, we can only guess...

The only firewall (other than hosts firewalls) is the Meraki MX100. I will power cycle the unit tonight and see if that clears everything.

The reboot fixed the issue.

If a reboot fixed it - then there is a software issue on the MX.


I'd be looking at doing a firmware upgrade.

It is at the highest stable firmware.

You can either be patient and wait for the next release, or try the stable release candidate ...

Since it's happening again, I think I will try the stable release.

I applied the Stable Release candidate firmware, and the problem seems to be solve.

Get notified when there are additional replies to this discussion.