Port 25 between Vlans and sd-wan not open

SeaTec
Conversationalist

Short description of our layout.

Two sites

Two MX84s

Redundant internet connection on both sites

Several VLANs on both sites with different subnets

We have an IPO server on site 1 in VLAN 1010 that needs to connect on port 25 to a secondary IPO server on site 2 in VLAN 1020.

We can telnet to port 2525 and the server answers. When we try to telnet to port 25, there is no answer.

I've been combing through the MX settings but can't see where that port would have been blocked.

Any suggestions?

ww
Kind of a big deal

Re: Port 25 between Vlans and sd-wan not open

It can be blocked at the VPN firewall, or by IPS/AMP (Security Center).

If not, did you take a packet capture at the destination MX or server to see if the packet is going from the dst MX to the dst server at port 25?

If you see the packet going to the server, and nothing comes back, the server is probably not allowing it.
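Added example, not part of any reply in this thread: a small Python probe that separates the cases the reply above distinguishes, by classifying a TCP connect attempt as silently dropped, refused, or accepted, and reading the SMTP greeting when the connection opens. The function names and the mapping in `interpret` are this example's own assumptions; the ports 25 and 2525 come from the original post.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify what came back."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"            # a reset came back: typically host up, port closed
    except (socket.timeout, TimeoutError):
        return "timeout"            # nothing came back: dropped on the path or at the host
    except OSError as exc:
        return "error: %s" % exc    # e.g. no route to host
    with sock:
        sock.settimeout(timeout)
        try:
            greeting = sock.recv(256)   # an SMTP service speaks first ("220 ...")
        except (socket.timeout, TimeoutError):
            return "open, no greeting"
        except ConnectionResetError:
            return "open, then reset"
    if not greeting:
        return "open, closed by peer"
    return "open: " + greeting.decode("ascii", "replace").strip()

def interpret(result):
    """Map a probe result to the next check suggested in the thread."""
    if result == "timeout":
        return "silent drop: review VPN firewall, IPS/AMP, content filtering; capture at the destination MX"
    if result == "refused":
        return "host answered but nothing is listening: check the service on the server"
    if result.startswith("open: 220"):
        return "SMTP service is answering: the path is fine"
    if result.startswith("open"):
        return "TCP connects but no SMTP greeting: check the service configuration"
    return "local or routing error: check addressing and routes first"

if __name__ == "__main__":
    # Assumption: target passed on the command line; defaults to loopback.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (25, 2525):     # the two ports compared in the original post
        result = probe(host, port)
        print("%s:%d -> %s\n    %s" % (host, port, result, interpret(result)))
```

Run it from a host in the source VLAN against the destination server; a different result for port 25 than for port 2525 tells you whether to look at the path or at the service.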

Stealth_Network
Getting noticed

Re: Port 25 between Vlans and sd-wan not open

I assumed you checked the firewall rules but also check the content filtering, VPN rules, and traffic shaping. (Content has caught me on a few unusual connections.)

GreenMan
Meraki Employee

Re: Port 25 between Vlans and sd-wan not open

Have you built VPN between the sites or are you exposing the server(s) via port forwarding / NAT?   https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

SeaTec
Conversationalist

Re: Port 25 between Vlans and sd-wan not open

My apologies. A contractor swore the issue wasn't on the IPO servers when under closer inspection it was a misconfiguration of the service. Sorry to have wasted your time but I did glean some troubleshooting pointers from you all.

TY