Skip to main content
Cisco Meraki Documentation

Auto VPN Port Change FAQ

Why are the Auto VPN ports changing?

As part of our continued efforts to maximize performance and resiliency of the Meraki cloud platform, we will be updating the VPN registry endpoints used by MX devices (MX, vMX, and Z) and all MR and CW access points (MR/CW) to create an Auto VPN fabric. By expanding the VPN registry endpoints, you will benefit from increased resiliency with VPN registry load balancing. If you have large-scale Auto VPN deployments, this will further improve reliability.    

Due to this change, you will need to update your upstream firewall rules by Wednesday, July 31, 2024, to allow these devices to maintain connectivity. 

What should I do to avoid reliability issues and Auto VPN failures?

Any devices sitting upstream of an MX or MR/CW access point will need the following destinations whitelisted so the device can communicate with the Auto VPN registries: 

Port 

  • UDP 9350-9381 

 

IP range for non-China cloud (Meraki dashboard login via meraki.com or gov-meraki.com): 

  • 209.206.48.0/20 

  • 158.115.128.0/19  

  • 216.157.128.0/20 

 

IP range for China cloud (Meraki dashboard login via meraki.cn): 

  • 43.192.139.128/25 

  • 43.196.13.128/25 

For more detailed information about how to update your upstream firewall rules, please see our Upstream Firewall Rule for Cloud Connectivity documentation. To configure and troubleshoot Auto VPN, please refer to the Auto VPN Configuration and Troubleshooting Knowledge Base (KB) and the MR Teleworker VPN KB

How can I identify which MXs in my deployment need updating?

If you see a dashboard banner requesting to update firewall rules, the corresponding device(s) is/are impacted. Please ensure you update the upstream firewall rules on affected devices to comply with the new changes.  

Dashboard banner example:

Screenshot 2024-02-27 at 10.33.39 AM.png

You can also leverage the firewall tools page to self-check if any of your devices require you to update your upstream firewall rules.  

Screenshot 2023-11-14 at 3.03.32 PM.png

What happens if I don't update?

If no action is taken before the cutover date on July 31, 2024, you will likely experience Auto VPN issues related to intermittent connectivity, unreliable peering, tunnel loss, and disconnections.

I updated my firewall rules today. Why am I still seeing the dashboard banner?

Once your firewall rules have been updated, it may take up to 48 hours for the banner to disappear. If you are still seeing the banner 48 hours after your firewall rules have been updated, please reach out to Meraki Technical Support for assistance. 

Where can I go if I need additional assistance?

If you have additional questions or need assistance, please contact Meraki Technical Support.  

There are two ways you can contact Meraki Technical Support: 

  • Was this article helpful?