MX100 – How to forward ports 80/443 to internal Nginx without breaking VPN

Solved
ViniciusCaetano

Hi everyone,

I have an MX100 where the default VPN port is 443. I need to forward ports 80 and 443 to an internal Nginx server, but I want to avoid any impact on the VPN connection.

What would be the recommended way to configure this on the MX?

  • Is it possible to change the VPN port in order to free up 443 for Nginx?

  • Or is there a way to keep the VPN running on 443 and still publish Nginx internally?

The goal is to expose a web service hosted on an internal machine, while preserving VPN stability.

Thanks in advance for any guidance.

1 Accepted Solution
rhbirkelund

That should be possible. Usually I go with 8443. 

The users will have to explicitly enter the port when using VPN, if you change it to something different from 443. E.g. they'll have to enter vpn.acme.org:8443 in the VPN client. Also, if they have a certain VPN profile installed on their computers, that'll have to change as well. But, other than that, it should be okay.


3 Replies
rhbirkelund

I am not sure if you can forward 443 to your nginx server if it is also being used for VPN. You could try and see if the MX picks up the VPN, before forwarding traffic to nginx. 

Otherwise you'll need to change the AnyConnect VPN port to something other than 443. This can be done on the Client VPN page. 

ViniciusCaetano

I thought about changing the VPN port to another one, like 4430, and then forwarding all traffic on 80/443 to my Nginx server. Is that possible? I’m concerned it might break something.
