ISP gives private subnet to wan port on MX, is this a problem?

Solved
Nick_Todd
Here to help


Hi all, my ISP only gives a single port on their comms box for internet access. I currently have one uplink port connected to it on my MX95 with PPPoE enabled. I have just bought a second MX95 to set up as a warm spare. To enable both to have internet access, I have a small switch to connect them to, and I will then patch one port to the internet port on the ISP box.

To allow multiple devices, the ISP says they can turn off PPPoE and revert to DHCP. They change their box config to give a private network, 192.168.70.0/24, for me to use on the small switch. So I will have the uplink ports from both MX95s connected to the small switch, and they will have an IP address in the 192.168.70.0/24 range. Internally in the office I use the 10.0.0.0/24 network. The ISP says that on the comms box they NAT a public IP to the IPs in the 192 network. So the outside of the MX firewalls will be on the 192 network and receive traffic NATed from a public IP.

 

Before I go ahead with requesting the changes from the ISP, I was wondering if anyone had seen this before and could advise if it will cause a problem for the MX?

 

Thanks,

Nick.

 

1 Accepted Solution
alemabrahao
Kind of a big deal

At the level of network functioning, this is not a problem. The bigger question is whether you have any internal services that you need to publish to the internet (like a web server).

Ideally, each MX would have a public IP, but if that's not possible, that's fine; that's one of the advantages of using SD-WAN: you don't depend on a dedicated link.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Nick_Todd
Here to help

Hi Alemabrahao, thanks for the quick reply. I don't think we will be publishing any services in the near future. But I have tried to get Teams integration to our Yeastar PBX to work, without success so far. I had applied the port forwarding rules required, but the service was unable to reach the PBX from the internet. It could well be the ISP configuration causing a problem.

 

Thanks.
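
An added example, not part of any post in this thread: a small Python model of the layout described above (ISP box NATing a public IP to 192.168.70.0/24, the MX forwarding into 10.0.0.0/24) that traces where an inbound connection stops when only one of the two devices has a forward. All addresses, the port and the rule tables are constructed, and it assumes the ISP box only passes inbound ports it has an explicit rule for.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wan_behind_upstream_nat(wan_ip):
    """True if the firewall's WAN address is RFC 1918 space, so an
    upstream device has to translate inbound traffic before it arrives."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in RFC1918)

def trace_inbound(dst_ip, dst_port, hops):
    """Walk an inbound connection through each NAT device in order.
    hops: list of (name, rules), rules = {(ip, port): (ip, port)}.
    Returns (delivered, ip, port, path)."""
    ip, port, path = dst_ip, dst_port, []
    for name, rules in hops:
        target = rules.get((ip, port))
        if target is None:
            path.append(f"{name}: no forward for {ip}:{port}, dropped")
            return False, ip, port, path
        path.append(f"{name}: {ip}:{port} -> {target[0]}:{target[1]}")
        ip, port = target
    return True, ip, port, path

# Constructed values: 203.0.113.10 stands in for the ISP's public IP,
# 192.168.70.2 for the MX uplink, 10.0.0.50:5061 for an internal service.
PUBLIC, MX_WAN, SERVICE, PORT = "203.0.113.10", "192.168.70.2", "10.0.0.50", 5061
MX_RULES = {(MX_WAN, PORT): (SERVICE, PORT)}

def mx_rule_only():
    # Forward exists on the MX, nothing configured on the ISP box.
    return trace_inbound(PUBLIC, PORT, [("ISP box", {}), ("MX", MX_RULES)])

def both_hops():
    # ISP box forwards the port to the MX uplink, MX forwards it inside.
    isp = {(PUBLIC, PORT): (MX_WAN, PORT)}
    return trace_inbound(PUBLIC, PORT, [("ISP box", isp), ("MX", MX_RULES)])

if __name__ == "__main__":
    print("MX WAN behind upstream NAT:", wan_behind_upstream_nat(MX_WAN))
    for case in (mx_rule_only, both_hops):
        ok, ip, port, path = case()
        print(case.__name__, "delivered" if ok else "blocked")
        for step in path:
            print("   ", step)
```
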
