Need Port Forwarding or NAT1 help

Here to help

Need Port Forwarding or NAT1 help

There are a few people that need to be able to remote into computers and such so I need to be able to set them up, our tech company keeps telling us they are all set but it never works.  So I need to learn how to do this myself, so please do not judge or preach.  I know this isn't the best way but with our VLANs I can't get a subnet to take to make a VPN work.  Everyone already has static IP's set up and their own ports assigned but the port forwarding or the one NAT1 I tried didn't work.  HELP, what is wrong.

Kind of a big deal

@Trisha No one is here to judge, can you post screen shots of what your config and any error messages you are getting. Hopefully between us all we can help you out. 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Kind of a big deal

I would tend to recommend the use of Client VPN over NAT for remote access to computers.  That limits their exposure to the Internet and threats.


You can find instructions on how to configure NAT here if you don't want to use client VPN:


Next you might find it is the actual machine. For example, if you are using RDP you find find RDP is disabled on the machine, or is enabled but restricted to the local subnet.  Windows firewall could be blocking it.  If you have antivirus with a firewall it could also be blocking it.

I follow those instructions to make sure they were right

persons name/ uplink both/tcp/public port the one I put in there computer (ha not to shabby)/static IP assign to them/same port as before/than any

for the NAT 1

name (this is actually for a JACE box and might take some work on the other end if anyone is familiar with that, it controls our HVAC and Lights)

static IP

lan IP (IPV4 IP)

Internet 1

TCP/ port 88/ Any


as for the actual PC's firewall or RDP blocking it, nope that is all good these machines worked before and the pc side I am used to working with, we had some mail spammers get us one summer and our managed care guy over me shut a lot of our remoters down than we switched tech companies and no one has been able to get it back this company said when we switched to the Meraki it would be easy but it still has not worked.  I don't know about subnets.

@Trisha are you able to draw a crude diagram of how the networks are laid out, its hard to provide any assitance without knowing a bit more detail. 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI

Not sure what you mean, I do but I  don't, let me think about this and get back to you in the morning, I am sure I will give you way to much but I think it is the only way I can explain how we work.  We have three branches (public library) but everything I am working with right now comes from here the main branch where everything (servers and stuff) resides.  So if there are only particulars you want let me know.

main internet line comes into the MX84 (input) lines going out are:

1. to us here at main branch

2. one to north branch

3. one to south branch

4. one to Voip phone system here

5. one to the WIFI switch here


VLAN's are enabled

native allowed

3. North IP and same IP again

4. phones and All

5. South IP and IP again

6. Wifi IP and IP again

1. Default   and ALL


wrong or you have not been around but I maybe have found the issue our MX did take the place of a sonicwall a few months back and that was suppose to make things so much easier for me but nothing has changed, could this be it:


1:1 NAT Rules not working properly after installing MX

and it said I should:  the upstream modem or router has not updated its ARP table and needs to be restarted or cleared. 


But umm I don't know what the upstream modem is or how to update it's ARP (granted I could find out how to do the updating, if I knew what piece of equipment it is). 


could this be why nothing has changed none of those instructions has worked?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.