Meraki

Community

MX68 and OpenVPN Traffic

Solved
eroy
Just browsing
‎Nov 1 2022 7:55 AM
‎Nov 1 2022 7:55 AM

MX68 and OpenVPN Traffic

I have a network that has a 3rd party Recorder that needs to communicate back to their network monitoring appliance. They use OpenVPN to establish this connection.

 

I have setup a 1:1 NAT that allows port 1194 to the internal Servers IP address. I also have outbound rules that Allow from Any protocol/source to Any Destination/port.

 

I can see traffic passing from the internal LAN to the WAN out to the remote IP address of the Monitoring Appliance. However the connection is not being made for some reason.

 

Here is a screen shot of the LAN packet capture.

pcap on LANpcap on LAN

 

I had been directed to another post that had similar issue here, but adding the static route made no difference.

 

I have also disabled threat protection, AMP and IDP and have no URL filtering active.

 

Is there some setting that I am missing that explicitly allows OpenVPN traffic? 

 

Thank you for any assistance.

 

Labels:
0 Kudos
1 Accepted Solution
In response to eroy
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 1 2022 8:35 AM
‎Nov 1 2022 8:35 AM

Have you tried this?

alemabrahao_0-1667316757682.png

 

If you don't have any rule blocking Inbound and outbound, probably It's not an MX issue.

 

For me, It does not make sense, but you can try to create a Bonjour forwarding rule.

 

alemabrahao_1-1667316889501.png

 

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
9 Replies 9
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 1 2022 8:03 AM
‎Nov 1 2022 8:03 AM

I didn't understand, is this communication via VPN or via public IP?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
eroy
Just browsing
‎Nov 1 2022 8:07 AM
‎Nov 1 2022 8:07 AM

It is going over the public IP. The Meraki MX should just be passing the traffic through.

0 Kudos
In response to eroy
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 1 2022 8:09 AM
‎Nov 1 2022 8:09 AM

If it is via public IP what is the role of OpenVPN? It's a little confusing.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 1 2022 8:14 AM
‎Nov 1 2022 8:14 AM

By the way, have you tried to allow any port on your 1:1 NAT? Just for a test.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
eroy
Just browsing
‎Nov 1 2022 8:45 AM
‎Nov 1 2022 8:45 AM

I tried an any port for their remote IP. I will re-test with an any from any remote IPs just to make sure.

0 Kudos
In response to alemabrahao
eroy
Just browsing
‎Nov 1 2022 8:28 AM
‎Nov 1 2022 8:28 AM

The Recording Server that is on the internal network (192.168.1.100) it needs to communicate to their IIC Network Monitoring Appliance which they state is using OpenVPN.

 

The reason I mention OpenVPN is that the vendor believes that adaptive portion of the firewall is blocking the traffic and is asking about allowing OpenVPN traffic.

 

Which I assume I have done by allowing the NAT 1:1 for Port 1194 and also by adding an any protocol/port for their IP address.

 

0 Kudos
In response to eroy
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 1 2022 8:35 AM
‎Nov 1 2022 8:35 AM

Have you tried this?

alemabrahao_0-1667316757682.png

 

If you don't have any rule blocking Inbound and outbound, probably It's not an MX issue.

 

For me, It does not make sense, but you can try to create a Bonjour forwarding rule.

 

alemabrahao_1-1667316889501.png

 

 

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
eroy
Just browsing
‎Nov 10 2022 7:09 AM
‎Nov 10 2022 7:09 AM

I'll mark this as the accepted solution as it was not a MX issue. Thank you for your help.

0 Kudos
In response to eroy
KeenLogic
Here to help
‎Jan 31 2023 7:24 PM
‎Jan 31 2023 7:24 PM

What was the issue then?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.