I'm new to the management of Meraki MX.
We have a Cisco Meraki MX65.
At the time, we configured a permanent VPN connection with our cloud provider.
Then, we acquired a new Cisco Meraki MX65 to install it at our CEO.
And today we're trying to put our telephony server in a DMZ.
I don't know how we can do it. How to create a DMZ with our server which is in our network.
Any help would be really appreciated.
Thank you very much in advance,
Meraki actually has a nice doc that covers this exact scenario that should help.
TABLE OF CONTENTS
The MX Security Appliance can be used to create a DMZ zone using VLANs, Firewall rules, and 1:1 NAT mappings. To do this, three things need to be accomplished:
In this example, the network will be divided into two zones.
Within the DMZ there is a web server at 172.16.32.2, which should be reachable by all internal clients and any Internet hosts. However, no communication should be allowed to Internal hosts that is initiated by the web server, and only web traffic should be allowed between Internal hosts and the web server in the DMZ. Clients and the DMZ server are both connected to a downstream managed switch. Refer to the topology below.
This will allow:
Unfortunately, that doesn't work.
We have Site-to-Site VPN access with a cloud provider for our servers and when I create a new VLAN I lose connection with our servers and also internet access.
I have to put my smartphone in WiFi sharing to return to the Meraki portal and restore the good configuration.
I do this :
Before, the configuration is Lan Setting --> Single LAN.
I try to change to VLANs, add ID 10 DMZ ... and SAVE.
Then I lose the connection.
An idee ?
Thanks for your answer.
No. No Internet.
What I see is I need to be on VLAN 10 with our Internet Provider (when you go to "Configure").
Now, in Addressing & VLANs, I'm in Single VLAN :
When I change to VLANs. I lose Internet connection.
Maybe do I need to change all network on VLAN10 ???
I'm not an expert on Cisco and networking 😞
Just a guess: After switching to VLAN-Mode, you did not assign the VLAN to the physical interfce(s) and applyed the config without that?
I've changed DHCP.
I have added the DNS from our Internet provider instead of Cloud provider.
Then, now, when I define vlan 1. I have always Internet but our VPN connection site-to-side is broken.
An idea ?
Can someone help me on the solution of why I lose my VPN connection with my Cloud Provider when I switch the configuration to Multi-VLANs?
Maybe nat translation ???
You shouldn’t lose your connectivity just by switching from Single LAN to VLANs. The IP configuration of the MX as Single LAN gets copied across to VLAN 1. The only issue could be if the MX ports are not configured as Access Ports on VLAN 1 - this could be the case if there was a previous configuration on the MX. Make sure the ports are configured as Access, VLAN 1 and enabled, and you shouldn’t lose any connectivity. Once you’re at that starting point you can then move to creating the DMZ.
If all your ports are configured correctly and you’re still losing connectivity then I’d contact Support as it’s unlikely that you’ll get the assistance here that you need to troubleshoot this one.