WOL no longer working after move to MX450

SOLVED
svennerski
Here to help

WOL no longer working after move to MX450

We recently moved over from a Cisco ASA appliance to an MX450 with all the firewalls replicated (where applicable).  We have a member of staff who used to use WOL when he was connected to the client VPN in order to wake up a system that sits inside our network. Since moving to the MX450, WOL no longer works and he is unable to wake up the same system he has in the past.  The only other thing that's changed is the subnet used by the VPN clients.

 

Old VPN client range: 192.168.105.5/29

New VPN client range: 10.150.0.0/24

 

Can anyone shed any light on what I would need to get to get this working, or if indeed it's even possible on an MX appliance?

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

Where you using Cisco AnyConnect before?

 

Is the person initiating the WOL packet using a directed broadcast?  I've never tried using directed broadcasts with L2TP over IPSec, so not sure if they would work.

 

If you do a packet capture on the client VPN connection when the packet is sent do you see it arrive?  If not, then I'm guessing L2TP does not support this.

If it does arrive do a packet capture on the LAN interface.  Do you see it leave the MX and head towards the client?  If not then perhaps the MX does not support directed broadcast forwarding.

View solution in original post

6 REPLIES 6
PhilipDAth
Kind of a big deal
Kind of a big deal

Any reason they can't use WOL from the Meraki Dashboard? 

This is specifically a member of staff using their Linux workstation to send a magic packet to another host within our network whilst connected via the client VPN. They do not have access to the Meraki dashboard unfortunately.
PhilipDAth
Kind of a big deal
Kind of a big deal

NolanHerring
Kind of a big deal

You mention all the firewall replicated (where applicable), assuming you mean firewall rules configurations? Its possible one of the firewall rules on the new MX isn't allowing WOL for some reason. Can you show what you have configured?
Nolan Herring | nolanwifi.com
TwitterLinkedIn

I'd agree with @NolanHerring. I'd start with inspecting the firewall rules applied to the MX450; especially if there was a subnet change. The transferred rules may be applying to the incorrect subnet.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Where you using Cisco AnyConnect before?

 

Is the person initiating the WOL packet using a directed broadcast?  I've never tried using directed broadcasts with L2TP over IPSec, so not sure if they would work.

 

If you do a packet capture on the client VPN connection when the packet is sent do you see it arrive?  If not, then I'm guessing L2TP does not support this.

If it does arrive do a packet capture on the LAN interface.  Do you see it leave the MX and head towards the client?  If not then perhaps the MX does not support directed broadcast forwarding.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels