VPN Concentrator Blocks. Source and Target are reversed

PaulHenry
Here to help

VPN Concentrator Blocks. Source and Target are reversed

We are configuring an MX-250 as a VPN Concentrator.  It will handle client VPN connections and authenticate against a RADIUS server.

 

It is set up with port forwarding from our primary MX-250.

 

However, we are seeing blocks from our internal firewall rules.

 

For example, I get a tcp block on the source IP of 204.79.197.200 and source port of 443, with a target IP of 10.1.250.192 and target port of 61702.


It looks like the blocks are somehow reversed.  The VPN client is at 10.1.250.192 and is trying to create a 443 connection to 204.79.197.200, but I get a block in the opposite direction.

 

Another example: According to our firewall, Google at 8.8.8.8 is trying to hit our VPN client for a DNS lookup on udp port 53.  It is backwards!

 

Any ideas would be welcome.  When we finally find the problem, I will post the answer.

 

Thank you.

3 REPLIES 3
PaulHenry
Here to help

Our network consultant analyzed the issue and made changes to the configuration of our VPN concentrator. 

It is now working as expected.

 

Sorry that I do not have any more detailed information on why we were getting the weird traffic from the VPN concentrator.

 

Maybe he had it installed upside down.   ha ha.

Are you talking about the port forwarding access rules (which you specify which IP's are allow access inbound) or the firewall rules (which work on the outbound leg - not the inbound leg)?

The blocks are from our outbound firewall rules on our primary MX-250.

 

Thanks,

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels