Meraki

Community

SSH Access Via Meraki MX to Aruba switch

AYEN
Getting noticed
yesterday
yesterday

SSH Access Via Meraki MX to Aruba switch

Hi, 

 

    I have question and recommendation on how to configure and access the ssh of Aruba switch which is connected to MX95 via outside network. My configuration that I was done is in port forwarding in firewall rule in Meraki MX. But unfortunately I can't access the ssh outside. Topology 

 

   Internet ---> Meraki MX95 -----> Aruba Switch

  Do I need to use another public IP for NAT 1:1 or port forwarding is enough? what was the Public port do i use for ssh?

Thanks 

0 Kudos
4 Replies 4
AidanKamp
Meraki Employee
Meraki Employee
yesterday
yesterday

If I can propose a different solution that might be more secure for your needs;


Does your MX95 have Client VPN or AnyConnect enabled? It might be better to VPN to this MX instead, and as long as your firewall rules and VPN routing configuration allows for it, you can then SSH directly to the switch instead of needing a port forwarding rule.

Whilst I am a Meraki employee, some of what I post may be opinion (especially architecture!). Others may have better or more efficient ways of doing things, so please learn from everyone!
In response to AidanKamp
AYEN
Getting noticed
yesterday
yesterday

Hi @AidanKamp ,

 

      I already propose that, but the problem with that is you have to configure each device to connect on Client VPN to access the network but on the port forwarding you only need to connect to internet to access the ssh.

0 Kudos
In response to AYEN
AidanKamp
Meraki Employee
Meraki Employee
yesterday
yesterday

Port forwarding should work fine then in that case. The public port can be anything you choose (as long as you change your SSH command to use that port), and the local port will need to match the port used by the Aruba switch (likely TCP22):

 

AidanKamp_0-1741066960965.png

 

If this is still not working, you can perform a packet capture on the internet interface to make sure the MX is seeing the incoming TCP traffic from your host. If that is seen, a packet capture on the LAN interface will help you check if the MX is forwarding that traffic internally.

If you're still having trouble, give support a call and we'll be happy to help!

 

https://meraki.cisco.com/meraki-support/overview/

 

Whilst I am a Meraki employee, some of what I post may be opinion (especially architecture!). Others may have better or more efficient ways of doing things, so please learn from everyone!
PhilipDAth
Kind of a big deal
Kind of a big deal
5 hours ago
5 hours ago

If you go to the Uplink tab on the MX - does it show that the WAN interface has a public IP address?

 

PhilipDAth_0-1741108902171.png

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.