Re: MX67 Port Forwarding

Siyata · ‎05-18-2023

I have a simple network setup, 10 PC's including 2 servers. Trying to grant access to an outside 3rd party who can only use RDP to get into the server.

I'd like to limit open access for RDP by narrowing it just by that persons IP address. But when I went to set up Port Forwarding, I received the following error: "The IP address 192.168.6.10 is not on a configured subnet." Trying to figure out where I'm supposed to add a static route, and HOW to do this properly.

Karsten Iwen · ‎05-18-2023

For this you really should use a VPN and no plain RDP connection.

But it should work nevertheless. The "Allowed Remote IP" is the IP of the external party that you want to allow access to your server and not an internal system. This is the relevant documentation: https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

Siyata · ‎05-18-2023

I have it set up as you describe - as you can see from the original attached images. Still getting the same error message.

Karsten Iwen · ‎05-18-2023

In the picture the private IP is in the field for the remote IPs, perhaps you just accidentally swapped them? The LAN IP which you painted out is the IP of the RDP server. The remote IP is the IP that is allowed to access the server.

Siyata · ‎05-18-2023

Same error when I swap them.

paul driver · ‎05-19-2023

Hello
You need to have a valid L3 lan address to allow the mapping to succeed, then you can add your port-forwarding.
SD-WAN-Routing
*Vlan - add vlan
commit

SD-WAN-Firewall
*port forwarding - add port-forwarding rule
commit

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul