Meraki

Community

Port forwarding not working on MX67

svenus1977
Just browsing
‎Apr 9 2023 1:52 AM
‎Apr 9 2023 1:52 AM

Port forwarding not working on MX67

My WAN 1 is down so using WAN 2 to test but that should not affect outcome. 

 

Have configured port forwarding on matching both links, LAN server confirmed is active.

Done a packet capture on both sides, it appears that MX has dropped the SYN/ACK from the server and therefore 3-way handshake not completed.

 

Removed all firewall rules (actually the rules are not blocking anyway), still the same.  Any idea why MX is dropping the SYN/ACK only for port forwarding traffic?  

 

Other outbound traffic is fine. 

Labels:
0 Kudos
5 Replies 5
svenus1977
Just browsing
‎Apr 9 2023 2:41 AM
‎Apr 9 2023 2:41 AM

Found the fix myself. That VLAN if I enable AutoVPN, the port forwarding fails. 

Port forwarding works once I turn off AutoVPN.  Not exactly sure how the two interacts but I may perhaps configure another VLAN for the AutoVPN.

0 Kudos
In response to svenus1977
alemabrahao
Kind of a big deal
‎Apr 10 2023 3:58 AM
‎Apr 10 2023 3:58 AM

It does not make sense. Have you opened a support case?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
svenus1977
Just browsing
‎Apr 10 2023 4:22 PM
‎Apr 10 2023 4:22 PM

No, it doesn't look right to me neither. I'll try to see the best option I have now, given that I am using a workaround for production traffic, falling back to the non-working config for troubleshooting is a bit challenging. 

0 Kudos
In response to svenus1977
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 10 2023 2:19 PM
‎Apr 10 2023 2:19 PM

Are you doing a full tunnel for AutoVPN?  That would break it.

0 Kudos
In response to PhilipDAth
svenus1977
Just browsing
‎Apr 10 2023 4:24 PM
‎Apr 10 2023 4:24 PM

I'm doing split tunnel, that's why I haven't thought of turning it off until I run out of options and give it a try.  By the way, I have multiple VLANs, I just need to turn off AutoVPN for that particular VLAN that needs port forwarding to map to.  I can still keep the other required VLAN participating AutoVPN.  

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.