ACL Meraki AP question?

the-lebowski
Level 4

In some sites we simply have an ACL applied inbound on our WAN interfaces allowing what we want in/back. But for some reason I have an issue with Meraki APs and the traffic coming back.

This is the ACL that is applied:

Extended IP access list ALLOW-THIS-STUFF
10 deny ip 10.0.0.0 0.255.255.255 any (44 matches)
20 deny ip 172.16.0.0 0.0.15.255 any (2 matches)
30 deny ip 192.168.0.0 0.0.255.255 any (59 matches)
40 deny ip host 255.255.255.255 any
50 permit icmp any any echo (51877 matches)
60 permit icmp any any echo-reply (47 matches)
70 permit icmp any any time-exceeded (493 matches)
80 permit icmp any any unreachable (4612 matches)
90 permit icmp any any traceroute
100 permit icmp any any packet-too-big
110 permit tcp any any established (8357531 matches)
120 permit udp any any eq domain domain (913 matches)
130 permit tcp any any eq domain domain (153 matches)
140 permit udp any eq domain any (292311 matches)
150 permit udp any any eq domain
160 permit udp any any eq isakmp (555020 matches)
170 permit udp any any eq non500-isakmp (21 matches)
180 permit esp any any (5828041 matches)
190 permit gre any any (66 matches)
200 permit tcp object-group Public_IP host XX.XX.XX.XX eq 22 (1 match)
210 deny ip any any (14669540 matches)

Now can someone tell me why Meraki would report poor connectivity to the APs in this office behind this ACL? My thought is we are allowing all outbound and only certain traffic in and yet something is still amiss. If I remove the ACL all is well again with Meraki and this site, but when it's applied they complain about poor connectivity.

The article below is what Meraki requires for cloud connectivity and their APs...all outbound:  

https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Upstream_Firewall_Rules_for_Cloud_Connectivity
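
An extended ACL like the one in the post is stateless: traffic initiated outbound only works if each reply packet matches a permit entry on the way back in. The sketch below is an added example, not part of the original post; it replays constructed return packets against the ACL's TCP/UDP entries to show which entry each one hits. The addresses (documentation ranges) and the UDP source ports 7351 and 123, chosen to resemble cloud-management and NTP replies, are assumptions and are not stated in the post.

```python
import ipaddress

# TCP/UDP entries of ALLOW-THIS-STUFF as posted. Entries 120/130 (DNS by
# destination port), ICMP, ESP, GRE and the redacted SSH entry 200 are left
# out; none of them can match the sample packets below.
# Fields: seq, action, proto, source net, source port, dest port, established
ACL = [
    (10, "deny", "ip", "10.0.0.0/8", None, None, False),
    (20, "deny", "ip", "172.16.0.0/20", None, None, False),  # wildcard 0.0.15.255
    (30, "deny", "ip", "192.168.0.0/16", None, None, False),
    (110, "permit", "tcp", "0.0.0.0/0", None, None, True),
    (140, "permit", "udp", "0.0.0.0/0", 53, None, False),
    (150, "permit", "udp", "0.0.0.0/0", None, 53, False),
    (160, "permit", "udp", "0.0.0.0/0", None, 500, False),
    (170, "permit", "udp", "0.0.0.0/0", None, 4500, False),
    (210, "deny", "ip", "0.0.0.0/0", None, None, False),
]

def evaluate(pkt):
    """Return (seq, action) of the first entry the packet matches."""
    src = ipaddress.ip_address(pkt["src"])
    for seq, action, proto, net, sport, dport, est in ACL:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if src not in ipaddress.ip_network(net):
            continue
        if sport is not None and pkt.get("sport") != sport:
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        if est and not pkt.get("ack_or_rst"):  # "established" = ACK or RST set
            continue
        return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

# Constructed inbound packets arriving on the WAN interface (sample data).
SAMPLES = {
    "https_reply": {"proto": "tcp", "src": "203.0.113.10", "sport": 443, "dport": 51000, "ack_or_rst": True},
    "dns_reply": {"proto": "udp", "src": "198.51.100.53", "sport": 53, "dport": 40001},
    "udp7351_reply": {"proto": "udp", "src": "203.0.113.10", "sport": 7351, "dport": 40002},
    "ntp_reply": {"proto": "udp", "src": "198.51.100.123", "sport": 123, "dport": 123},
}

def run_samples():
    return {name: evaluate(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (seq, action) in run_samples().items():
        print(f"{name:14} -> entry {seq}: {action}")
```

On a live router, the same check is to compare the per-entry match counters before and after a connectivity test and see which entry the counts move on.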
