Meraki

Community

First time doing routing on MX

Solved
IT_Magician
Building a reputation
‎Jan 20 2020 1:47 PM
‎Jan 20 2020 1:47 PM

First time doing routing on MX

Hi Meraki Community,

 

I am replacing legacy SonicWALL routers with new Cisco Meraki MX routers. The existing SonicWALL routers are between the MPLS/WAN vendor's router & the network switches for the local LAN. All traffic is routed through SITE A.

 

Site A has WAN 1 and WAN 2 provider, which plugs into the MPLS/WAN vendor router.

 

Site B has the SonicWALL's WAN configured as the private network on the site A side.

 

I built a diagram below, can someone help me understand how to configure the Meraki MX devices to work in this setup?

 

Settings.jpg

 

 

 

0 Kudos
1 Accepted Solution
In response to IT_Magician
IT_Magician
Building a reputation
‎Jan 20 2020 4:02 PM
‎Jan 20 2020 4:02 PM

Want to let everyone know - putting the MX in passthrough mode was the solution.

 

By going into passthrough mode, I have this setup:

 

WAN1/WAN2 plugs into SITE A MPLS Router

MPLS Router plugs into Meraki in passthrough mode

Meraki plugs into network switches

 

In this setup, everything works as needed & the MX still does security functions

View solution in original post

7 Replies 7
cmr
Kind of a big deal
Kind of a big deal
‎Jan 20 2020 1:53 PM
‎Jan 20 2020 1:53 PM

At site A do you have both WANs plugged into the one device?  Do you have two WAN links for one MPLS or two internet connections and one MPLS WAN, or one MPLS with internet access from the core and a second internet connection locally?

 

Why are you hoping the MXs can do, besides NAT the LANs to the MPLS?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
IT_Magician
Building a reputation
‎Jan 20 2020 1:57 PM
‎Jan 20 2020 1:57 PM

On Site A, WAN 1 and WAN 2 are both plugged directly into 192.168.10.1 - that vendor handles all WAN and fail over.

 

The goal of the MX devices are to:

- Have it so all devices show up in the client list

- Have security services work (content filtering & threat protection)

 

Do I need to confirm what IP addresses the LAN devices are being given? I didn't get that info because that is handled by a DHCP Windows server, but I can obtain that if needed.

0 Kudos
In response to IT_Magician
cmr
Kind of a big deal
Kind of a big deal
‎Jan 20 2020 2:04 PM
‎Jan 20 2020 2:04 PM

If by WAN you mean internet connection then your settings look fine on site A for that purpose, for site B, as long as the MPLS device sends traffic to the other one at site A if it is unknown then that is okay as well.

 

If by WAN you mean the MPLS tails then where is the internet connection?

 

The MXs at each site will need to be in separate networks in the same organisation.  If you want the two LANs to talk to each other then create an auto VPN (SD-WAN) and the two LAN subnets will be able to see each other. 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
IT_Magician
Building a reputation
‎Jan 20 2020 2:13 PM
‎Jan 20 2020 2:13 PM

The router 192.168.10.1 on SITE A has two WAN vendors:

 

1. A high speed 3rd party vendor

2. The MPLS vendor themselves have a WAN connection out here

 

They handle all of this so I am not worried on this.

 

On the Meraki MX devices, how do I actually configure the MX devices? Where I am getting confused, there technically is no WAN here, just a static route to the next hop. Does that mean I simply configure the MX with a static route, put in the information, and everything works correct?

 

Do I keep MX in bridge mode or route mode?

 

How do the settings on the MX look for something like this?

0 Kudos
In response to IT_Magician
cmr
Kind of a big deal
Kind of a big deal
‎Jan 20 2020 2:22 PM
‎Jan 20 2020 2:22 PM

I think you are confusing WAN and DIA (internet), WAN is generally used for connections between sites, either directly cabled or using provider technology like MPLS, VPLS or SD-WAN.

 

If I've understood correctly, then the router at site A must be a firewall of some sort.  You could use bridged mode and then if the MPLS devices are set up correctly, the sites will talk and you will have a degree of traffic visibility.  Otherwise put them in routed mode and configure the WAN ports with your settings and pick a subnet for the LAN at each site. 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
IT_Magician
Building a reputation
‎Jan 20 2020 3:15 PM
‎Jan 20 2020 3:15 PM

I guess that is my question.

For site A, how would you configure the WAN port and LAN port on the MX?
0 Kudos
In response to IT_Magician
IT_Magician
Building a reputation
‎Jan 20 2020 4:02 PM
‎Jan 20 2020 4:02 PM

Want to let everyone know - putting the MX in passthrough mode was the solution.

 

By going into passthrough mode, I have this setup:

 

WAN1/WAN2 plugs into SITE A MPLS Router

MPLS Router plugs into Meraki in passthrough mode

Meraki plugs into network switches

 

In this setup, everything works as needed & the MX still does security functions

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.