Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Outbound Meraki L2TP on non-standard port no return traffic

    Scheduled Pinned Locked Moved Firewalling
    1 Posts 1 Posters 155 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      basicmonkey
      last edited by basicmonkey

      Hello all,

      I have a Meraki Z1 behind our pfSense trying to talk to a Meraki MX64 at another site and set up a L2TP VPN. The MX64 at the remote site is behind a router that simply NATs it without any static maps for port 500,1701,4500 so ends up on port 49xxx or similar.

      The Z1 behind my pfSense attempts to talk to the MX64 (having talked to Meraki service to find out the ports to connect to) and initiates NAT and some states in the FW.

      Unfortunately, these states remain as "SINGLE:NO_TRAFFIC" and receive no return traffic.

      Z1s on another simple NAT router work fine and talk to the MX64, initiating L2TP VPNs.

      I arranged for the router that is infront of the MX64 to have 500,1701,4500 statically mapped to it. Now the Z1 can talk to the MX64 and create "MULTIPLE:MULTIPLE" states accordingly.

      We have a show going out where the MX64 (VPN termination point) will often be behind NAT on non-standard ports, which isn't a problem for Meraki but seems to be for my configuration of pfSense.

      Latest build of pfSense, snort not blocking anything, FW not blocking any outgoing.

      Any ideas much appreciated.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.