Hi Meraki Community,
I am replacing legacy SonicWALL routers with new Cisco Meraki MX routers. The existing SonicWALL routers are between the MPLS/WAN vendor's router & the network switches for the local LAN. All traffic is routed through SITE A.
Site A has WAN 1 and WAN 2 providers, which plug into the MPLS/WAN vendor router.
Site B has the SonicWALL's WAN configured as the private network on the site A side.
I built a diagram below. Can someone help me understand how to configure the Meraki MX devices to work in this setup?
At site A do you have both WANs plugged into the one device? Do you have two WAN links for one MPLS or two internet connections and one MPLS WAN, or one MPLS with internet access from the core and a second internet connection locally?
What are you hoping the MXs can do, besides NAT the LANs to the MPLS?
On Site A, WAN 1 and WAN 2 are both plugged directly into 192.168.10.1 - that vendor handles all WAN and failover.
The goals for the MX devices are to:
- Have it so all devices show up in the client list
- Have security services work (content filtering & threat protection)
Do I need to confirm what IP addresses the LAN devices are being given? I didn't get that info because that is handled by a DHCP Windows server, but I can obtain that if needed.
If by WAN you mean internet connection, then your settings look fine on site A for that purpose. For site B, as long as the MPLS device sends traffic to the other one at site A if it is unknown, then that is okay as well.
If by WAN you mean the MPLS tails then where is the internet connection?
The MXs at each site will need to be in separate networks in the same organisation. If you want the two LANs to talk to each other then create an auto VPN (SD-WAN) and the two LAN subnets will be able to see each other.
The router 192.168.10.1 on SITE A has two WAN vendors:
1. A high speed 3rd party vendor
2. The MPLS vendor themselves have a WAN connection out here
They handle all of this, so I am not worried about this.
On the Meraki MX devices, how do I actually configure the MX devices? Where I am getting confused is that there technically is no WAN here, just a static route to the next hop. Does that mean I simply configure the MX with a static route, put in the information, and everything works correctly?
Do I keep MX in bridge mode or route mode?
How do the settings on the MX look for something like this?
I think you are confusing WAN and DIA (internet). WAN is generally used for connections between sites, either directly cabled or using provider technology like MPLS, VPLS or SD-WAN.
If I've understood correctly, then the router at site A must be a firewall of some sort. You could use bridged mode and then if the MPLS devices are set up correctly, the sites will talk and you will have a degree of traffic visibility. Otherwise put them in routed mode and configure the WAN ports with your settings and pick a subnet for the LAN at each site.
Want to let everyone know - putting the MX in passthrough mode was the solution.
By going into passthrough mode, I have this setup:
- WAN1/WAN2 plugs into SITE A MPLS Router
- MPLS Router plugs into Meraki in passthrough mode
- Meraki plugs into network switches
In this setup, everything works as needed & the MX still does security functions.