Meraki

Community

Problem with MX67 and logs Non-Meraki / Client VPN

Solved
SimoneP
Conversationalist
‎Feb 24 2021 5:49 AM
‎Feb 24 2021 5:49 AM

Problem with MX67 and logs Non-Meraki / Client VPN

I have a problem with an MX67. In the logs I continuously see this repeating itself every moment:

Cattura.PNG

 

 

 

For this place and appliance, site-to-site is off as it is not needed. Only the option of the VPN client is active.

But currently no one is trying to VPN to the network. What are these logs due to?

0 Kudos
1 Accepted Solution
DensyoV
Meraki Employee
Meraki Employee
‎Mar 1 2021 7:11 PM
‎Mar 1 2021 7:11 PM

Hi

 

just to add if you still see those logs, you can take a packet capture on the Internet interface of your MX to see which IP is it coming from, using the Wireshark application, use the filter udp.port==500

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.

View solution in original post

5 Replies 5
CptnCrnch
Kind of a big deal
‎Feb 24 2021 9:37 AM
‎Feb 24 2021 9:37 AM

Client VPN is also based on IPSec (L2TP over IPSec to be strict).

 

Looks like somebody is connecting to your device, possibly simply portscanning. Another possibility could be a misconfigured client trying to get access.

DensyoV
Meraki Employee
Meraki Employee
‎Mar 1 2021 7:11 PM
‎Mar 1 2021 7:11 PM

Hi

 

just to add if you still see those logs, you can take a packet capture on the Internet interface of your MX to see which IP is it coming from, using the Wireshark application, use the filter udp.port==500

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
In response to DensyoV
SimoneP
Conversationalist
‎Mar 3 2021 2:06 AM
‎Mar 3 2021 2:06 AM

I confirm, I found the external ip. It comes from a well-known provider, I don't understand why.

0 Kudos
In response to SimoneP
SimoneP
Conversationalist
‎Mar 3 2021 3:17 AM
‎Mar 3 2021 3:17 AM

Meraki MX does it not offer the possibility to block an incoming address?

0 Kudos
In response to SimoneP
DensyoV
Meraki Employee
Meraki Employee
‎Mar 3 2021 4:57 PM
‎Mar 3 2021 4:57 PM

Hi,

 

The MX is definitely dropping all inbound traffic by default unless you configure 1:1 NAT, 1:Many NAT or port forwarding. However, it doesn't really have any control of the incoming traffic, it is up to your service provider if they can block certain traffic from reaching your MX.

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.