Meraki

Community

VPN ports

JonathanC
Here to help
‎Oct 17 2022 4:56 PM
‎Oct 17 2022 4:56 PM

VPN ports

Why do we need (Or do we need?) ports 32768-61000 open for site to site VPN?

 

The IT guy who controls the network our Meraki is sitting on doesn't like having that number of ports open. Believes it is a security risk.

Is there a different option?

Thanks

0 Kudos
2 Replies 2
Ryan_Miles
Meraki Employee
Meraki Employee
‎Oct 17 2022 5:06 PM
‎Oct 17 2022 5:06 PM

It's explained HERE. AutoVPN uses UDP hole punching with high number ports. In most cases as the article states you don't need to open anything on the upstream firewall.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Oct 18 2022 2:48 PM
‎Oct 18 2022 2:48 PM

If everything has static public IP addresses, then you could configure manual port forwarding:

https://documentation.meraki.com/MX/Site-to-site_VPN/Automatic_NAT_Traversal_for_Auto_VPN_Tunneling_... 

 

BUT, you are missing out on the benefit of automatic AutoVPN.  Could you maybe point out that the MX is a firewall, and doesn't require another firewall to protect it?  Otherwise how many layered firewalls do you need do you need to add to protect the existing firewalls?  The discussion becomes circular quickly.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.