Meraki SD-WAN Port Forwarding

VanDerTuch
Here to help

Hello Guys,

We have an SD-WAN scenario where the customer added a web server at a spoke location and wants to access this server via the public IP on the HUB and port 8080. All traffic is routed to the internet via the HUB public IP (one exit point to the internet for the entire organization).

We have tried to do port forwarding at the HUB location, where all incoming traffic on port 8080 should be forwarded to the SPOKE location IP address 192.168.15.2, but this is not possible to add. (This IP address does not exist on the local subnet.)

Is this behavior OK? I think that this is quite a normal scenario...

VPN is active, route is present in the routing table...

Is there some workaround for this?

RoshanS
Meraki Employee

Greetings,

 

This would not be a supported configuration option on the MX, since the general idea is that we treat VPN endpoints as point-to-point connections, so anything outside of that we cannot route to.

 

Another example is that you cannot forward traffic from an auto-VPN spoke to a non-Meraki VPN peer.

 

Having said that, there might be some options here. If you cannot send it to the spoke MX public IP and forward it from there, then maybe we can use a proxy or another L3 switch/device that has its routable SVI in the local subnet of the MX, and the MX can ARP and port forward / NAT to that IP. The L3 switch/device must then send the traffic to the server across the spoke and that should work since from the MX's perspective, that's local traffic that can be routed.

 

Please let us know if you have any questions, and please don't hesitate to contact support if you need assistance in setting and testing this. 
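
The proxy workaround described in the reply above, sketched as an nginx TCP relay. This is an added example, not part of the original thread and not Meraki's own configuration. It assumes a proxy host at 192.168.10.50 on the hub MX LAN (a constructed address), that the web server at 192.168.15.2 listens on port 8080, and an nginx build that includes the stream module.

```nginx
# Runs on a host in the hub MX's local subnet (assumed 192.168.10.50, constructed).
# The hub MX port-forwarding rule then targets this local address:
#   public TCP 8080 -> 192.168.10.50:8080
# Place at the top level of nginx.conf, outside any http {} block.
stream {
    # One line per relayed session, so inbound use of the forward is auditable.
    log_format relay '$remote_addr -> $upstream_addr [$time_local] '
                     '$status $bytes_sent/$bytes_received $session_time';
    access_log /var/log/nginx/spoke-web-relay.log relay;

    upstream spoke_web {
        # Spoke web server from the thread; the server-side port is assumed.
        # Reached through the hub MX over the existing Auto VPN route.
        server 192.168.15.2:8080;
    }

    server {
        # Bind only to the address the MX forwards to.
        listen 192.168.10.50:8080;
        proxy_pass spoke_web;
        proxy_connect_timeout 5s;   # fail fast if the VPN path is down
        proxy_timeout 10m;          # close idle sessions
    }
}
```

Because the relay opens its own connection, the spoke server sees 192.168.10.50 as the client address, and the original internet source address is recorded only in the relay log.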
