Meraki MX still says NAT unfriendly after Port Forward config

bbartik
Conversationalist


I have an MX 250 as a VPN concentrator. It sits behind a firewall and we configured an inbound NAT (destination NAT) rule that matches the public IP of the firewall and port 65002 to be translated to the MX IP and port 65002.

Example: 1.2.3.4:65002 > 10.1.1.100:65002

Then we configured the SDWAN settings to use the Manual method and set it to the public IP of the firewall and 65002.

I can see new sessions being formed in the firewall using port 65002 but the NAT unfriendly message won't go away.

Questions:

How long does it take for that message to go away?

Is this the correct method of making it go away or did I miss a setting?

Is the only way to make the NAT unfriendly message go away, to do a full static 1:1 NAT for the MX?

Thank you.

4 REPLIES
PhilipDAth
Kind of a big deal

Are you sure you used UDP for the NAT and UDP for the firewall rule to allow the traffic into the MX?

What you have done should be sufficient to make the NAT unfriendly warning go away.

bbartik
Conversationalist

Oh man, looks like we had TCP. I will work on a config update and let you know. Thanks!

bbartik
Conversationalist

Well, this stinks... We updated the object to UDP but the error still persists. What's funny is I even see sessions on the firewall using the UDP port now. I am at a loss...

Frank-NL
Getting noticed

The warning can stay for a while. We've had the message disappear after a couple of hours at one site, I believe.
