Unable to Scan over ATT MPLS on Meraki MX68W

HovnanianEA
Here to help

Unable to Scan over ATT MPLS on Meraki MX68W

Hi everyone. We're running into an issue since upgrading our old Cisco 2911 router to a Meraki MX68W at a divisional office. We currently have both the MPLS and Comcast connections being used as uplinks. At the moment, the MPLS is the primary connection until we have the Comcast bandwidth upgraded. We're unable to scan to e-mail or folder on a Ricoh copier over the MPLS connection but it works just fine over Comcast. Before we upgraded the 2911, we did not have any scanning issues so it doesn't appear ports 25 or 445 should be blocked. I didn't see any hits on our firewall considering this traffic should all be internal and the only thing I can think of that changed from a routing perspective at this site is the removal of BGP and use of static routes on our WAN and core switches.

 

I do have case open with Meraki support but wanted to post something here as well in case someone has come across something similar.

 

Error Message:

 

CONNECTION_FAILED at com.ricoh.xgp.sdip.application.service.project.ProjectService.loadProjectMetadata(Unknown Source)
 
Response from Ricoh:
 
It looks like smtp relay isn’t working or it is being blocked we are not able to connect to the SMTP server and that is why you are getting this message it ping but will not allow any email to send I tried it on the device as well without using SLNX and I see same error message SMTPC which means closed connection and will not allow to send message.
4 REPLIES 4
Bruce
Kind of a big deal

One thought…. are you running SD-WAN over the MPLS circuit or not? If not then all your traffic will be being NATed (unless you’ve had No NAT enabled). This means the traffic from the Ricoh will appear as coming from a different address, which could be why it’s failing if the mail server is locked down.

Hi Bruce. We do have a rule in place on our Firewall to NAT our MPLS subnets at our Meraki sites to a public IP from ATT.

 

MPLS IP - 172.17.250.X will NAT to 12.0.152.X

 

We don't see any traffic from the copier itself however hitting the Firewall. It shouldn't when scanning to a network folder or e-mail.

ww
Kind of a big deal
Kind of a big deal

Hi WW. I did come across this article earlier in the week and we did try to specify the domain name on the copier but that did not work. It seems like Marc may have got lucky in that article.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels