Meraki

mugrene · ‎Jan 5 2021

Dear Support;

I configured 1:1 NAT and I allowed ssh (TCP on port 22).

When I am inside my network, I can ssh into that server (with its public IP), but when I am out off office using another public IP I can't ssh into that server with its public IP

Kindly support me.

Find in attachment the config I did on my MX100 and its deployment settings

ww · ‎Jan 5 2021

Do the other ports work from a remote ip?

Then try a packet capture on internet 2 tcp port 22 to see if a session comes in at wan2. If yes, also take a capture on the lan port to see the packet go to your server.

It can also happen that traffic is coming in wan2 and leave wan1 that can cause issues. https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Utilizing_1%3A1_NAT_with_Link_Aggregatio...

DarrenOC · ‎Jan 5 2021

hi @mugrene , Firstly, happy new year.

I agree with @ww , that 1:1 NAT rule using WAN2 could be causing the issue. Is that external iP coming in via WAN2? If you run a packet capture on WAN1 or WAN2 do you see the requests come in?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

PhilipDAth · ‎Jan 5 2021

My personal guess - host-based firewall only allowing SSH connections from the local LAN.

DarrenOC · ‎Jan 5 2021

Good call @PhilipDAth

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Meraki

Community

Public IPs for servers not accessible via ssh!

Public IPs for servers not accessible via ssh!