Meraki

Community

Enabling LAN to WAN subnet routing

MartinS
Building a reputation
‎Mar 3 2022 2:14 AM
‎Mar 3 2022 2:14 AM

Enabling LAN to WAN subnet routing

Sorry if there is a really obvious answer to this, but searching these forums and the Meraki documentation I've not been able to find it.

 

I have a MX68w with a separate cellular router sat on WAN2 which, from the LAN side of the MX I want to communicate with (go to the web interface, poll it via SNMP, that kind of thing). The cellular router has a static route set to direct my MX LAN range back to the MX WAN2 IP so the routing is good, the MX has a static IP set on the WAN2 interface to make sure the IP doesn't wander and break my static route, all good.

 

As far as I can see, the default firewall rules should work as I should be caught by the default any/any outbound rule. I can ping the WAN2 static IP from the LAN side fine, but not the cellular router IP. Cellular router is working fine, as I can add another device to the Cellular router LAN / MX WAN 2 network and communicate with the Cellular router no problems.

 

Looking in the route table, there is no route for the WAN2 interface range, so I suspect that's the problem, but the Meraki UI won't let me add a static route for that. If anyone has any clues they can give me I'd be hugely grateful please!

 

---
COO
Highlight - Service Observability Platform
www.highlight.net
0 Kudos
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Mar 3 2022 6:09 AM
‎Mar 3 2022 6:09 AM

Think of both WANs as VRFs and they leak routes to the LAN to send traffic to the Internet.

For your use-case, you can configure a flow-preference for the WAN2 subnet to access the router. But don't test this with a ping as ICMP is not handled by the flow preferences.

In response to KarstenI
MartinS
Building a reputation
‎Mar 3 2022 8:05 AM
‎Mar 3 2022 8:05 AM

Great OK thanks, I'll give that a go and will report back.

---
COO
Highlight - Service Observability Platform
www.highlight.net
0 Kudos
Bruce
Kind of a big deal
‎Mar 3 2022 12:31 PM
‎Mar 3 2022 12:31 PM

As @KarstenI stated, you’ll need to use the Internet flow preferences to ensure that all traffic destined for the cellular modem’s IP address uses the correct WAN link. Also, remember that all traffic crossing the MX (e.g. LAN to WAN) is NATed, so when you access the cellular modem the source IP of the traffic will actually be the MX’s WAN IP, so you shouldn’t need a static route to your LAN-side subnets.

In response to Bruce
MartinS
Building a reputation
‎Mar 4 2022 12:28 AM
‎Mar 4 2022 12:28 AM

Thanks both of you, that worked a treat!

---
COO
Highlight - Service Observability Platform
www.highlight.net
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.