vMX public IP has been changed by itself

Solved
Tarmahmood1
Getting noticed

vMX public IP has been changed by itself

Hello,

 

I got an issue regarding client VPN, users are not able to connect to Anyconnect client VPN. This solution was deployed 2 years back and working fine until few days back we got this problem. upon investigation i see the Public IP in Meraki dashboard is different the one associated to meraki VM nic in Azure. I am suspecting it has been changed, Any idea what to do?, and  how the IP on dashboard is different and in Azure portal associated to VM is different?

 

Current firmware MX 18.107.7,

I did all troubleshooting related to below issue: but i am sure its about the public IP.

Tarmahmood1_0-1705508386417.png

 

Screenshot 2024-01-17 171702.png

 

1 Accepted Solution
Tarmahmood1
Getting noticed

Thanks guys  @PhilipDAth  @jhoney12 @BlakeRichardson @alemabrahao for your suggestion. It has been rectified. problem was the service provider was managing both express route circuit(Azure) and newly deployed FW, and they diverted all default route from express route circuit to the FW, due to which the vMX appliance got the public ip of FW. default route was removed and vMX got actual IP(Azure provided at VMX interface) and the Client VPN gateway has started to work. It can be done by the FW IP,but that was not intended to do config in FW for this solution(managing certificates,DNS records etc)

View solution in original post

6 Replies 6
alemabrahao
Kind of a big deal
Kind of a big deal

Does it have a dynamic IP?

If yes, it assigns a dynamic public IP to the vMX. If the device is ever rebooted in Azure, it will change the public IP. You might want to consider using DDNS instead of an IP address since it’s dynamic.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
BlakeRichardson
Kind of a big deal
Kind of a big deal

2 years with a dynamic public facing IP is a pretty good run. Dynamic DNS or see if you can obtain an static IP for your vMX

PhilipDAth
Kind of a big deal
Kind of a big deal

All MX's support DDNS (you don't even pay to pay for it).  Get your VPN users to connect to that.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

jhoney12
New here

Two years with a dynamic public-facing IP is quite a commendable stretch. You might want to consider implementing Dynamic DNS, or explore the option of obtaining a static IP for your vMX. It could provide more stability and control over your network configurations.

jhoney12
New here

hi

Tarmahmood1
Getting noticed

Thanks guys  @PhilipDAth  @jhoney12 @BlakeRichardson @alemabrahao for your suggestion. It has been rectified. problem was the service provider was managing both express route circuit(Azure) and newly deployed FW, and they diverted all default route from express route circuit to the FW, due to which the vMX appliance got the public ip of FW. default route was removed and vMX got actual IP(Azure provided at VMX interface) and the Client VPN gateway has started to work. It can be done by the FW IP,but that was not intended to do config in FW for this solution(managing certificates,DNS records etc)

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.