Meraki

Steve-Potter · ‎Jul 11 2023

I have a strange config issue here

Internal web server with a few sites accessible via https 443 from specific IP's

name uplink protocol public port Lan IP local port allowed remote IPs

webserver Both TCP 443 192.168.1.1 443 a list of 20-30 ip's for access & pingdom etc.

All works fine, website is IP restricted and operates as it should internally and externally from the remote IPs listed.

I now want to add a different port forward for another service, this is using a different port, and works fine internally but not from external, UNLESS the external IP is in the previous port forwards allowed remote IP list

name uplink protocol public port Lan IP local port allowed remote IPs

status Both TCP 444 192.168.1.1 444 Any

It seems the first entry allowed remote IP's overrule the subsequent allow list, even when configuring a different local IP the Any IP doesn't work, but the previous list does...

I might be missing something here but logically it should work.

PS I know I can add multiple 1:1 NAT's but need to know about this.

Thanks

Steve

PhilipDAth · ‎Jul 11 2023

That should work. It sounds like a bug.

View solution in original post

alemabrahao · ‎Jul 11 2023

What service is running on port 444? Is HTTPS not correct?

If you have a public IP available, try using 1:1NAT, you can allow several ports for a single IP.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX#...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth · ‎Jul 11 2023

That should work. It sounds like a bug.

Steve-Potter · ‎Jul 12 2023

Update:

Strangely again, it started working today, and looking at the dashboard, the order of port forwarding rules has changed with the port 444 placed first....hmm

Steve

Meraki

Community

Port Forwarding

Port Forwarding