Are there resources to help convert the config from a 1921 to a new MX100?

Ben2
Just browsing

Are there resources to help convert the config from a 1921 to a new MX100?

I am staring at this 1921 configuration trying to figure out how to mirror it on a new MX100. Admittedly, I am a novice with all of this, and am in over my head. 

 

Does anyone have suggestions on how to best navigate this migration?

14 REPLIES 14
Johnfnadez
Building a reputation

Hi! I´d like to know what kind of configs do you have? Bc with MX you´ll have a little bit limitations than other cisco routers. For sample NAT between VLANs 

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

I have access to the 1921, so I can get a copy of anything that is needed. Right now I am looking at the running config. 

Johnfnadez
Building a reputation

Just try to gather what is the role of this router in your network. And what configs do u have to compare the MX´s capabilities,
Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA
Nash
Kind of a big deal

Okay, so you have a 1921. What role was it playing for you? Is it your immediate 'edge device' - connects to your ISP's equipment?

 

What device is in between that 1921 and the rest of your network? This may change our advice.

 

The first things I'd look at:

 

1. NAT statements

2. Port forwarding

3. Access-control lists

4. Subnets in use

5. VLANs if applicable.

Ben2
Just browsing

1921 is the edge. 

Inside there are Cisco Switches (3560's and 2960's)

 

I wish I could just post the whole config here, but that's not a good idea. 

 

Many NAT Statements

Don't see any port forwarding

Several ACLs

Subnets and VLANs

 

Not a simple config by any means.

 

Johnfnadez
Building a reputation

And the NAT how is it? Is it an outside NAT to you WAN role ports?
Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

ip nat inside source static tcp x.x.x.x 25 interface GigabitEthernet0/1 25

 

Lots of those...

Johnfnadez
Building a reputation

If this nat is from LAN to WAN it´s possible, actually it´s a Port forwarding NAT a MX would perform this without any problem!
Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

Ok, good. I think I can figure that out. 

 

How about this. Setting up the VLANs I see... would the subnet for this be 10.19.223.0/24 and the mx ip be 10.19.223.61?

 

interface Vlan25
description Production$FW_INSIDE$
ip address 10.19.223.61 255.255.255.0
ip access-group inside-out in
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
ip policy route-map web-traffic

 

 

Johnfnadez
Building a reputation

It appears to work fine with an MX.
Just the routemap you cannot configure an explicit route map.
Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

No way to do object-group network?\

 

object-group network AB07-RDP
host 10.19.223.181

CptnCrnch
Kind of a big deal
Kind of a big deal

Currently not, Objects are (still) in Beta right now.

How about "ip nat inside source route-map"

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

I think it would be best to use the Cisco partner locator and find someone near you to do this conversion.

https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/openBasicSearch.do 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels