Meraki

Community

Firewall with Private IP...

Solved
GFrazier
Building a reputation
‎Apr 14 2022 8:18 AM
‎Apr 14 2022 8:18 AM

Firewall with Private IP...

This is similar to a previous post where I have a client that is actually setup with this ISP where they ISP is actually a middle man and not a full-blown ISP:  Basically, this is a situation with a switch between the ISP router and client firewall.

 

The ISP has a router on their end with a switch passing traffic to another switch at the client location where the client has a firewall connected to that switch.  The ISP is connected to a major ISP (Comcast or Cogent), so the small ISP has the public IP configured on their router with a Private IP for the Client router... 

 

This is rendering VPN connectivity unsuccessful, however, I think Port Forwarding may help as one solution.

 

My question is if the small ISP guys obtain a block of multiple public static IPs, can they simply configure the client firewall with one of those IPs - will this work without needing to configure port forwarding?

Labels:
0 Kudos
1 Accepted Solution
OVERKILL
Building a reputation
‎Apr 14 2022 12:28 PM
‎Apr 14 2022 12:28 PM

Site-to-site VPN or Client? As @ww noted, AutoVPN tends to work fine behind NAT/PAT for the most part. Obviously, if it is Client VPN, you'll need port forwards configured as the traffic will never hit the WAN interface of the MX otherwise. 

 

On your query about the smaller ISP, yes, if they obtain a block of routable public IP's and the firewall is able to use one of those, no port forwarding would be necessary. 

View solution in original post

3 Replies 3
ww
Kind of a big deal
Kind of a big deal
‎Apr 14 2022 8:28 AM
‎Apr 14 2022 8:28 AM

You have problems with 3rdparty/client vpn? Most times Autovpn works fine also behind nat

 

If they route a public ip/subnet to the isp lan side/mx wan side, then you dont need port forwarding.

 

In response to ww
GFrazier
Building a reputation
‎Apr 14 2022 8:53 PM
‎Apr 14 2022 8:53 PM

Thanks for both of your feedback... given you both gave me the answer I needed, I did an eanie, meanie, miney moe to choose an accepted solution... THANK YOU BOTH!

OVERKILL
Building a reputation
‎Apr 14 2022 12:28 PM
‎Apr 14 2022 12:28 PM

Site-to-site VPN or Client? As @ww noted, AutoVPN tends to work fine behind NAT/PAT for the most part. Obviously, if it is Client VPN, you'll need port forwards configured as the traffic will never hit the WAN interface of the MX otherwise. 

 

On your query about the smaller ISP, yes, if they obtain a block of routable public IP's and the firewall is able to use one of those, no port forwarding would be necessary. 

li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.