Feature: HTTP Proxy for Internet Router configuration?

ksumann
Getting noticed


Hi guys,

I just wanted to ask your opinion about the following:

Most internet routers can be accessed and configured through a web interface. You need to be on the LAN side to do so. But even having an MX installed behind it doesn't allow you to access the internet router. You would need some sort of HTTP proxy installed on the Meraki to query the internet router from the LAN side and then send the information to the dashboard.

What do you think about it? And how did you solve this problem?

GreenMan
Meraki Employee

I'm not sure why you think you'd need a proxy. Provided you know the private IP address of the router - and assuming it's directly connected to the MX (i.e. one of the MX WAN ports is in the same subnet) you'd only need the MX firewall rules to permit the HTTP/S traffic. By default such an outbound session would indeed be permitted.

ksumann
Getting noticed

I'm not sure how a firewall rule on the Meraki will solve it.

I'm trying to access the internet router's local port from the internet.

GreenMan
Meraki Employee

But if you're on the Internet and a Meraki device is connected to the Internet, all the configuration happens through the Meraki Dashboard - you don't need to connect to it directly. The Meraki Dashboard effectively behaves rather like a proxy, for the configuration and management.

Meraki devices do support a basic web console, called the Local Status Page. This is primarily reached from the LAN side, because you mostly use it just to get the device initially communicating with the Internet and the Meraki Dashboard. Once it's talking to Dashboard, all the detailed config and monitoring happens there. Bear in mind that, as Meraki devices happily use DHCP by default, they will usually talk directly to Dashboard without needing any initial config at all.

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Me...

ksumann
Getting noticed

Guess I didn't explain correctly, so I'll try again.

According to my first post "internet router" and "meraki" meant two different devices, connected like this:

Internet --- Internet router --- Meraki MX

I want to access the configuration page of the internet router (not the Meraki), and this page is only accessible from that router's LAN side, where the MX sits.

GreenMan
Meraki Employee

OK - I think I follow this now. If your Internet router will only accept connections to its LAN side - and that uses a private IP range - I think your best bet would be to get Teamviewer or similar installed on a PC on the LAN, then initiate an outbound web session to your "Internet router" from there. You'll have to be careful, if you're messing with the Internet router's configuration, that you don't cut yourself off from the management console.

ksumann
Getting noticed

Yes, that's exactly the problem, additionally we don't have a PC on the LAN side... That's why I thought having a web proxy on the Meraki itself would be nice.

Another idea was to have a port forwarding from the internet router to the Meraki and a second port forwarding from the Meraki back to the internet router. I tried that but it didn't work, I guess the Meraki is unable to forward from WAN to WAN?

GreenMan
Meraki Employee

How about trying client VPN into the MX? I have to say, with this - I've not tried it myself

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance

ls08
Here to help

We submitted this request to our SE and still nothing. We’re changing from Cradlepoint to MX and it’s a big step down. Cradlepoint offers a remote connect feature. (https://customer.cradlepoint.com/s/article/NCM-Remote-Connect-LAN-Manager)

We use this feature to connect to the local status page of the MG that is being installed and also the MX whenever that has issues.

It’s a feature we will miss entirely whenever we move on from Cradlepoint. We never needed a PC, Raspberry Pi or another computer to maintain. Not all field techs have a laptop so we’re SOL.

ksumann
Getting noticed

So, I was able to set up a client VPN but I'm unable to reach the ISP router.

In fact, currently, I'm neither able to reach it via the LAN interface, nor via the client VPN interface.

I did a packet capture and could see a ping going in to the corresponding interface, but it didn't come out at the WAN interface.

My best guess at this point is that I'm missing a route, but: the ISP router is directly connected to the WAN interface, there should be a route without defining one.

AND adding a route manually gives the error "The static LAN route "Test" has an invalid next hop IP. The IP address 192.168.178.42 is not on a configured subnet."

JGill
Building a reputation

Agreed!! A simple remote proxy in the MX on the Tools page where you could select the WAN interface and use HTTP/S to configure / review a broadband modem would be such a great feature. We have dual broadbands at each location, sometimes with the same broadband subnet / gateway. So even getting on an internal PC and hitting the gateway IP, unless you shut down one broadband (or radically manipulate SD-WAN traffic shaping) you can't control which broadband modem you will get.

We've made the same request several times. Maybe getting some up votes in the community will help.
