VPN Concentrator Blocks. Source and Target are reversed

PaulHenry
Here to help

We are configuring an MX-250 as a VPN Concentrator.  It will handle client VPN connections and authenticate against a RADIUS server.

It is set up with port forwarding from our primary MX-250.

However, we are seeing blocks from our internal firewall rules.

For example, I get a TCP block on the source IP of 204.79.197.200 and source port of 443, with a target IP of 10.1.250.192 and target port of 61702.

It looks like the blocks are somehow reversed. The VPN client is at 10.1.250.192 and is trying to create a 443 connection to 204.79.197.200, but I get a block in the opposite direction.

Another example: according to our firewall, Google at 8.8.8.8 is trying to hit our VPN client for a DNS lookup on UDP port 53. It is backwards!

Any ideas would be welcome.  When we finally find the problem, I will post the answer.

Thank you.
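As an added illustration that is not part of the thread, a small triage script that sorts blocked entries like the two above by which end of the packet looks like the client: an external service port sending to an internal high port reads as the reply leg of a session the inside host opened, not as an inbound attack. The key=value field layout, the 10.0.0.0/8 internal range and the sample entries are assumptions constructed for the example.

```python
from dataclasses import dataclass
import ipaddress

# Constructed sample block entries modelled on the flows in the thread; the
# key=value field layout is an assumption, not an MX log export format.
SAMPLE_BLOCKS = [
    "proto=tcp src=204.79.197.200 sport=443 dst=10.1.250.192 dport=61702 action=block",
    "proto=udp src=8.8.8.8 sport=53 dst=10.1.250.192 dport=56211 action=block",
    "proto=tcp src=10.1.250.50 sport=52044 dst=198.51.100.7 dport=22 action=block",
]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed inside range
WELL_KNOWN_MAX = 1023    # service ports a client connects *to*
EPHEMERAL_MIN = 49152    # IANA dynamic range clients pick their own port from

@dataclass
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse_block(line: str) -> Flow:
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(kv["proto"], kv["src"], int(kv["sport"]), kv["dst"], int(kv["dport"]))

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def classify(flow: Flow) -> str:
    """Which end of a blocked packet looks like the client?
    reply-leg : external service port -> internal ephemeral port, i.e. the
                packet looks like the server answering a session the inside
                host opened (what the thread calls a "reversed" block).
    client-leg: internal ephemeral port -> external service port.
    """
    if (not is_internal(flow.src) and flow.sport <= WELL_KNOWN_MAX
            and is_internal(flow.dst) and flow.dport >= EPHEMERAL_MIN):
        return "reply-leg"
    if (is_internal(flow.src) and flow.sport >= EPHEMERAL_MIN
            and not is_internal(flow.dst) and flow.dport <= WELL_KNOWN_MAX):
        return "client-leg"
    return "unclear"

def triage(lines):
    return [(f, classify(f)) for f in map(parse_block, lines)]

for flow, verdict in triage(SAMPLE_BLOCKS):
    print(f"{verdict:10s} {flow.proto} {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}")
```

Entries tagged reply-leg are the ones to compare against the client's own outbound session list before treating them as hostile inbound traffic.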

PaulHenry
Here to help

Our network consultant analyzed the issue and made changes to the configuration of our VPN concentrator.

It is now working as expected.

Sorry that I do not have any more detailed information on why we were getting the weird traffic from the VPN concentrator.

Maybe he had it installed upside down. Ha ha.

PhilipDAth
Kind of a big deal

Are you talking about the port forwarding access rules (where you specify which IPs are allowed inbound access) or the firewall rules (which work on the outbound leg, not the inbound leg)?

PaulHenry
Here to help

The blocks are from our outbound firewall rules on our primary MX-250.

Thanks,
