Meraki

Community

Letting fixed IP addresses going through our MG41E or MG21E gateways?

RobustMeraki
Getting noticed
‎Feb 20 2023 3:50 AM
‎Feb 20 2023 3:50 AM

Letting fixed IP addresses going through our MG41E or MG21E gateways?

Hi Team, this is a question often asked us by customers when we suggest them to use MGs in areas where they do not have an Internet connection possibility.

 

Is there a way to let these fixed IP Addresses from customer through? Any infos on that?

0 Kudos
9 Replies 9
DarrenOC
Kind of a big deal
Kind of a big deal
‎Feb 20 2023 4:03 AM
‎Feb 20 2023 4:03 AM

hi @RobustMeraki , can you elaborate a little here on what you're trying to achieve?  Fixed IP's of what devices?  Whats the topology?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
RobustMeraki
Getting noticed
‎Feb 20 2023 4:06 AM
‎Feb 20 2023 4:06 AM

unfortunately I do not have this information. Customer wants to be able to use some fixed IP addresses passing through the gateway and we are planning to offer him access points that can be used by around 100 employees. There will be no internet connection but only the gateway offered as WAN.

 

In what way they will be using these Fixed IP addresses is something we do not know.

0 Kudos
In response to RobustMeraki
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Feb 20 2023 4:12 AM
‎Feb 20 2023 4:12 AM

If I understand your questions correct, your customer wants to reach certain IP addresses at Site A from Site B.

An MG is just a Cellular Gateway. It provides internet connectivity over a Cellular Network, and will require a cellular date subscription with an ISP. Most likely, the subscription will be subjected to CG-NAT, thus you will not be able to forward fixed IP assignments over the cellular network. If you need to reach some IP addresses at Site A, from Site B over the Cellular Network, you'll need a firewall of some kind which will provide a VPN connection between the two sites, e.g. a Meraki MX at Site A and Site B.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to rhbirkelund
RobustMeraki
Getting noticed
‎Feb 20 2023 4:16 AM
‎Feb 20 2023 4:16 AM

Hi @rhbirkelund , Thank you for the answer. The customer may have a Sophos Firewall on Site A and on Site B there is no other Internet connection (WAN) then the MG Gateway because it is a remote site. There will be an MX85 connected after the MG41E. Can we in this scenario also get a VPN connection with Sophos and MX85 (that has MG before it) and let the IP Addresses pass through the Site B network?

0 Kudos
In response to RobustMeraki
rhbirkelund
Kind of a big deal
Kind of a big deal
‎Feb 20 2023 4:18 AM
‎Feb 20 2023 4:18 AM

Most likely, yes. You'll have to configure a Third-Party Non-Meraki VPN.

 

However, you'll need to work with your cellular ISP to provide you with an APN that is not subjected to CG-NAT. Otherwise you might not be able to build a VPN tunnel.

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
In response to RobustMeraki
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 20 2023 12:05 PM
‎Feb 20 2023 12:05 PM

Building a site to site VPN from the MX85 (behind an MG) to a Sophos is likely to be a NIGHTMARE.  I would avoid this at all costs.

 

If you want a reliable VPN, you'll need to sell them a second MX to put behind the Sophos, and run that unit in VPN concentrator mode.

https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide 

 

Then use Meraki AutoVPN to create the VPN.

In response to PhilipDAth
RobustMeraki
Getting noticed
‎Feb 20 2023 11:40 PM
‎Feb 20 2023 11:40 PM

Would it be better that they use their spare Sophos behind MG instead of MX85 and connect their Sophos in the other country together? The only concern is how MG will be letting the connection through.

0 Kudos
In response to RobustMeraki
Frank-NL
Getting noticed
‎Feb 21 2023 12:42 AM
‎Feb 21 2023 12:42 AM

Hi, that would be an option yes. The fixed IP address depends on the subscription at cellular provider. MG is just pass-through

DarrenOC
Kind of a big deal
Kind of a big deal
‎Feb 20 2023 4:10 AM
‎Feb 20 2023 4:10 AM

I know its dangerous to make assumptions but i like to live dangerously 😎 - i'm assuming they may have some endpoints (PC's/phones etc) that are currently statically assigned IP's....just as long as you define their IP and DHCP schema's accordingly then there's no reason why they couldn't be allowed access through the MG's.....!

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.