Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MacOS "All of a Sudden" Cannot Connect using firewall 1:1 NAT Rule - Maybe IPv6 Issue?

IT_Tropolis
Here to help
‎Jun 2 2020 11:29 AM
‎Jun 2 2020 11:29 AM

MacOS "All of a Sudden" Cannot Connect using firewall 1:1 NAT Rule - Maybe IPv6 Issue?

Hi:

 

I have numerous users working remotely on MacOS devices connecting to a web site hosted behind an MX84.  I've configured the MX84 with a 1:1 NAT rule allowing their public IP.  It's been working with months without an issues. As of yesterday, they can no longer connect, i.e. https://MyWebsiteBehindMX84.com returns error page: Server is unavailable now. Please try again later or contact your administrator.  Their public IP has not changed and we verified another non-MacOS device on their LAN can connect.

 

I'm thinking a MacOS update may have caused this issue, perhaps something to do with IPv6?  Any insights are greatly appreciated!

 

Thank you,
Bob H.

Subscribe
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 2 2020 12:35 PM
‎Jun 2 2020 12:35 PM

I would check the security centre to make sure not IPS or AMP events have fired.

 

You'll need to check one of the machines to see if they have had any recent updates.  Perhaps they now require stronger crypto and it is a TLS protected site.

 

Can the machines "ping" the web site being accessed, and does ping return an IPv4 address?

Subscribe
In response to PhilipDAth
cmr
Kind of a big deal
Kind of a big deal
‎Jun 2 2020 2:40 PM
‎Jun 2 2020 2:40 PM

If it is https, I'd check the certificate, apple have been looking at not allowing certificates over 13 months old, not sure if this has taken place yet?

 

Edit, I think this is due in September...

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.