Outbound Meraki L2TP on non-standard port no return traffic



  • Hello all,

    I have a Meraki Z1 behind our pfSense trying to talk to a Meraki MX64 at another site and set up a L2TP VPN. The MX64 at the remote site is behind a router that simply NATs it without any static maps for port 500,1701,4500 so ends up on port 49xxx or similar.

    The Z1 behind my pfSense attempts to talk to the MX64 (having talked to Meraki service to find out the ports to connect to) and initiates NAT and some states in the FW.

    Unfortunately, these states remain as "SINGLE:NO_TRAFFIC" and receive no return traffic.

    Z1s on another simple NAT router work fine and talk to the MX64, initiating L2TP VPNs.

    I arranged for the router that is infront of the MX64 to have 500,1701,4500 statically mapped to it. Now the Z1 can talk to the MX64 and create "MULTIPLE:MULTIPLE" states accordingly.

    We have a show going out where the MX64 (VPN termination point) will often be behind NAT on non-standard ports, which isn't a problem for Meraki but seems to be for my configuration of pfSense.

    Latest build of pfSense, snort not blocking anything, FW not blocking any outgoing.

    Any ideas much appreciated.


Log in to reply