Meraki

Ntuka

Good day.

I created selfservice website on my windows server and i configured VLAN's on my network. Still, I cannot access the website externally. When I use my personal network, I can only access the site when I am connected to the office network. I set the rules on both the firewall and the router to allow traffic, but still, I do not have access. Kindly assist.

Error I get

Layer 3 routing

Port forwading

VLAN's and Routing

ww

Do you get response when you do a nslookup to that dns name?

Does it work when you enter the public ip in the browser?

Ntuka

When i run nslookup it does respond

but when i enter publick ip it does not repond

JonoM

Based on your nslookup results, it looks like there is only a private IP address (192.168.1.241/243) being advertised via DNS.Is it possible this was taken on your local LAN?

If you are seeing a public address when performing an nslookup on an external network (from home for example), do you see the public IP address of your firewall?

If you take packet captures on the WAN interface of your MX appliance and then try to access this resource externally, do you see the request being sent by your external client? Does the traffic match the port forwarding rule you have configured, with regards to port number and IP addressing?

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

Ntuka

Yes, i did the run the lookup on my network and when i run it using external network it times out

cmr

@Ntuka your public DNS record points as below, is that the WAN IP of the Meraki MX?

If my answer solves your problem please click Accept as Solution so others can benefit from it.

NicolasRen

Hi,

As Jono said, verify your dns records, it seems you have a mistake in your DNS configuration.

I tried to nslookup from the outside and I have the same result as you with the private IP address. As understanding, we should have a public IP (related to your MX WAN IP).

By the way, if you access directly to the MX WAN IP address, do you have an answer ?

Ntuka

Hi,

my DNS records are poiting to the server that is hosting the website

NicolasRen

Yes that's the point, if you want to access it from the outside of your network, you will need to point these records to the public IP (where you did the port forwarding).

This IP address is the WAN IP of your MX. You can find it in Security & SD-WAN / Appliance Status, look at the WAN1 section. By the way, the first test to do is to put this IP address in your browser to check if your port forwarding rules are working correctly.

Also, you'll have to confirm that your MX is directly connected to your ISP and hosting the public IP (not connected behind a router for example).

Let us know about your tests.

Ntuka

Hi,

I did change the records to point to the public IP, but it still does not go to the self-service site.

the self-service site uses the following ports, which are set correctly:

443

9443

1433

9143

8943

Ntuka

Hi,

my DNS records are poiting to the server that is hosting the website

ChrisC83

Is the public IP 160.226.217.132 is configured on the WAN side of your MX or in the same subnet of MX WAN IP? If yes, you can easily check this by sending a session toward your server url and perform a packet capture on the WAN port of the MX to understand if the MX receives the client traffic or not.

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

Ntuka

Hi,

The public IP is configured on the WAN side of the MX, and all packets are lost when I send the session from the server to the public IP and vice versa.

NicolasRen

Hi Ntuka,

As we already know your public IP address, would you share appliance status page with wan uplinks status ?

Also, you enabled port forwarding on both uplinks which could cause some issues if you don't have active/backup upstream routers.

Ntuka

NicolasRen

Yes so here your MX is configured with private subnet interconnection. It means that you have a router upstream your MX that is hosting the public IP address.

You'll have to configure port forwarding on this router to be able to join your server from the outside.

Ntuka

Meaning on my router i should point traffic to my sever's private IP?

NicolasRen

No you can't as your MX is configured in NAT mode so you will not be able to "enter" in your network.

You would configure port forwarding on your router to point to your MX IP : 10.0.1.100. You'll have double NAT but it shloud work.

Meraki

Community

ERR_CONNECTION_TIMED_OUT

ERR_CONNECTION_TIMED_OUT