Meraki

Community

Connecting two MX appliances to each other

Stacey1
New here
‎Dec 2 2021 11:31 AM
‎Dec 2 2021 11:31 AM

Connecting two MX appliances to each other

I am trying to setup a test environment in my office. We have a MX sitting on my desk that is connected to a switch in the IT closet and that switch is connected to the building MX appliance (in same closet) which is then connected to our Internet circuit. So connections looks like

Internet -- Building MX -- Building switch -- Test MX -- Test switch

 

We have two hubs but the MX on desk can only connect to one of them (which happens to be the secondary hub). Network connectivity doesn't seem to be working correctly in the test environment. MX on desk can ping 8.8.8.8 and google.com but cannot ping any internal network, which leads me to believe it's a VPN issue. The test MX is using a vlan on the building MX as its Internet circuit and it cannot even ping that IP address. MX in IT closet cannot ping any network on the test MX. Is there a way to ensure the test MX has site-to-site VPN to both hubs and to get network connectivity working internally? I was thinking since the test MX has its own VLANs/subnets that we may need to setup static routes between both MXs (static route on building MX to get to test MX and a static route on test MX to get to Building MX) but not 100% as I am fairly new to Meraki and the MX appliances.

0 Kudos
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 2 2021 2:41 PM
‎Dec 2 2021 2:41 PM

You won't be able to build an AutoVPN tunnel from an MX behind another MX.  You'll need to either plug the test MX into the same Internet circuit directly or some other Internet circuit (perhaps a temporary 4G circuit?).

0 Kudos
In response to PhilipDAth
Stacey1
New here
‎Dec 2 2021 4:13 PM
‎Dec 2 2021 4:13 PM

I was afraid of that. By chance, is this something new in the newer code (on 15.44)? I believe this was working previously and I believe right after we upgraded firmware is when it stopped working.

0 Kudos
Inderdeep
Kind of a big deal
Kind of a big deal
‎Dec 2 2021 4:07 PM
‎Dec 2 2021 4:07 PM

@Stacey1 : So you are putting Test MX behind the Prod MX and the link between them is WAN for Test MX ?

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
In response to Inderdeep
Stacey1
New here
‎Dec 2 2021 4:12 PM
‎Dec 2 2021 4:12 PM

That's correct.

0 Kudos
In response to Stacey1
Inderdeep
Kind of a big deal
Kind of a big deal
‎Dec 2 2021 4:14 PM
‎Dec 2 2021 4:14 PM

well i did that same kind of setup for my Viptela SDWAN devices but how you are defining the link on the Prod MX ?

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
In response to Inderdeep
Stacey1
New here
‎Dec 2 2021 4:23 PM
‎Dec 2 2021 4:23 PM

There is a switch in between Prod MX and Test MX. The port on switch is setup as an access port on wired vlan and the WAN port on Test MX is set to DHCP. I'm thinking this is what may be causing the issue so tomorrow I was going to put Test MX on it's own vlan that isn't being used by other devices on the network (i.e. a /30 network) to see if that makes a difference.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.