cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Port forwarding to a different VLAN

SOLVED
Go to solution
Announcer
Getting noticed
‎05-10-2022 11:21 AM
‎05-10-2022 11:21 AM

Port forwarding to a different VLAN

My native vlan is 192.168.10.0.  I created a new vlan to host just the webserver mimicking a DMZ.  The new vlan20 is 192.168.20.0.  

I have allowed vlan20 in the "allowed vlan's" on the active port along with the native vlan1

The web server is 192.168.20.5 and I port forward port 80 to this address.  

However, when I move the webserver from the current .10 network to the vlan20 network, people cannot access it from the web.  What am I doing wrong or what more needs to be done?

Labels:
0 Kudos
Subscribe
1 ACCEPTED SOLUTION
Announcer
Getting noticed
‎05-19-2022 12:58 PM
‎05-19-2022 12:58 PM

Update:  Turns out the dns entry for www was pointing to old server.  Changed it to new server and access to web is ok.  Always dns....

View solution in original post

Subscribe
6 REPLIES 6
Announcer
Getting noticed
‎05-10-2022 11:52 AM
‎05-10-2022 11:52 AM

I have used Creating a DMZ with the MX Security Appliance - Cisco Meraki as a guide for this.

0 Kudos
Subscribe
In response to Announcer
KarstenI
Kind of a big deal
Kind of a big deal
‎05-10-2022 02:03 PM
‎05-10-2022 02:03 PM

  1. Did you reconfigure the Webserver for the new subnet and the correct MX IP as the gateway?
  2. Can you reach the Webserver from the MX and vice versa?
  3. Can you reach the web server from the internal network?
Subscribe
In response to Announcer
Brash
Kind of a big deal
Kind of a big deal
‎05-10-2022 02:07 PM
‎05-10-2022 02:07 PM

That's a good guide to follow.

Is your web server directly connected to the MX or elsewhere in the network?

Is the webserver tagged correctly with the new vlan?

Are you able to reach it from another computer in the network on vlan 20?

Subscribe
In response to Brash
Announcer
Getting noticed
‎05-11-2022 11:33 AM
‎05-11-2022 11:33 AM

Hi, an update here.

It is a linux machine btw.  I was able to change the current ip on it to xxx.20.5 and could ping it from vlan1 and another pc in vlan20, and from the MX.  I adjusted the port forward to xxx.20.5 port 80 but the website does not resolve.  Is there a time frame that needs syncing?

The webserver has xxx.20.1 as the default gateway which was setup with the vlan

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎05-10-2022 03:10 PM
‎05-10-2022 03:10 PM

Forget the web forwarding for the moment, and make sure the webserver has Internet connectivity.  Make sure you web browse to the Internet.

 

Once you know that works, take a look at Windows firewall (and any software firewall).  If you have moved the subnet it is in, Windows might have changed to blocking all inward ports again.

 

Once you know those two are good, come back to the inbound forwarding.  Can the MX ping the web server ok (to verify network connectivity)?

Subscribe
Announcer
Getting noticed
‎05-19-2022 12:58 PM
‎05-19-2022 12:58 PM

Update:  Turns out the dns entry for www was pointing to old server.  Changed it to new server and access to web is ok.  Always dns....

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2023 Meraki