Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX-250 HA building issue

Yash_03
Conversationalist
Wednesday
Wednesday

Meraki MX-250 HA building issue

Hi Folks,

 

Can some one pls help out here??

 

I have implemented a new setup in one of our offices where i've deployed MX-250 security appliances as firewalls. During the implementation, i encountered an issue with establishing HA connectivity between the 2xMX-250 devices. Our office has two ISP connections, so i configured ISP1 subnet 113.X.X.234/29 on the MX-A WAN1 interface and ISP2 subnet 154.x.x.85/29 on the MX-A WAN2 interface. Similarly, i configured the same IPs on MX-B, but it is showing a duplicate IP address error. I don't understand why the same IPs of both WAN1 and WAN2 interfaces can't be accepted if we are configuring the two MX devices in Active-Passive mode.

Additionally, I tried configuring MX-warm spare with VIP for each ISP, but I still encountered the same error. The status of both MX devices is showing an orange indication, even though their WAN IPs are pinging from the internet. I'm not sure which device is responding to the ICMP requests.it would be great help if someone can help me in this scenario.

 

I have attached topology for understanding the setup.

 

Thanks!!Screenshot 2024-07-17 at 6.26.10 PM.png

0 Kudos
Subscribe
9 Replies 9
DarrenOC
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

Hi @Yash_03 , whilst theyre Active / Standby youll need to configure a separate external IP for each connection on each MX

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Subscribe
In response to DarrenOC
Yash_03
Conversationalist
Wednesday
Wednesday

Hi @DarrenOC ,

Thanks for prompt response,

 

You mean to say All 4 WAN interface (MX-A&MX-B) should have different physical ip address and same VIP address.

0 Kudos
Subscribe
In response to Yash_03
DarrenOC
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

WAN 1 - 113.1.1.234 MX A

WAN 1 - 113.1.1.235 MX B

WAN VIP - 113.1.1.236

 

Would look something like this

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Subscribe
DarrenOC
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

So youll require 3 IPs per subnet (6 in total)

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Subscribe
In response to DarrenOC
Yash_03
Conversationalist
Wednesday
Wednesday

Got it @DarrenOC 

I hope this will solve my problem. Appreciate your response here!!!

Subscribe
In response to Yash_03
DarrenOC
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

Not a problem. Appreciate it takes a large chunk of external IPs but it’ll work.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Subscribe
In response to DarrenOC
Yash_03
Conversationalist
Wednesday
Wednesday

Hi @DarrenOC ,

I implemented the workaround you shared, and it worked successfully. I'm just curious about the incoming and outgoing traffic. Which IP is being used for inbound and outbound traffic: the VIP or the physical IP?

0 Kudos
Subscribe
In response to Yash_03
van604
Building a reputation
Wednesday
Wednesday

everything should coming in/out on the VIP

Subscribe
In response to van604
DarrenOC
Kind of a big deal
Kind of a big deal
Wednesday
Wednesday

Hi @Yash_03 , as per what @van604 says- the traffic will come from the VIP. 

Could I ask that if the issue has been resolved you mark this post as “Resolved”. Cheers

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.