MG51 IP setting

Jyrki_Halonen
Getting noticed


I have an MG51 which is connected to MX95 WAN port 4. I am trying to establish an IPsec VPN to a non-Meraki firewall, but I can't get the tunnel working. When the MG IP addressing & NAT deployment mode is 'Routed', I can see the MG providing IP address 172.31.128.x at the MX WAN2 uplink (SFP+ is not installed in WAN2), but the IPsec VPN is not established. Otherwise the connection to the MX works with this setting.

When trying to use 'Passthrough' mode on the MG, the MX95 WAN 2 uplink status is 'Failed' and the connection to the MX is not working at all.

Why is the MG not forwarding the IP address provided by the carrier to the MX in 'Passthrough' mode?

alemabrahao
Kind of a big deal

Configuration Differences

There are a number of differences in configuration between Routed and passthrough modes on the MX:

  • Secondary uplinks cannot be used for Internet connectivity. Thus Security & SD-WAN > Configure > SD-WAN & traffic shaping > Uplink configuration only has the option for limiting bandwidth on WAN 1.
  • Site-to-site VPN can only operate in split-tunnel mode when configured as a hub. Traffic bound to VPN subnets must be directed to the MX.
  • DHCP is no longer available. DHCP requests will simply pass through the MX.
  • Cellular uplink is no longer available.
  • VLANs cannot be configured. The MX/Z1 will act as a bridge between the Internet and LAN ports.

Passthrough Mode on the MX Security Appliance and Z-series Teleworker Gateway - Cisco Meraki Documen...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

"Secondary uplink cannot be used for Internet connectivity" - this can't be true, since the Meraki use case shows that the MG can be used for WAN failover.

For the DHCP: the Dashboard states for Passthrough mode: "This option can be used to disable the MG cellular gateway NAT. In this mode, the MG will forward the IP address provided by the carrier to a client behind it."

Cellular uplink: I'm not using the cellular uplink on the MX.

So you're saying the documentation is wrong, is that right?

I suggest you open a support case.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
cmr
Kind of a big deal

@alemabrahao @Jyrki_Halonen is using the MG in passthrough mode, not the MX.

alemabrahao
Kind of a big deal

@cmr

"Why MG is not forwarding the IP address provided by the carrier to MX in 'Passthrough' mode?"

cmr
Kind of a big deal

@alemabrahao I think the context is needed, I may be wrong, but I read it as the MG in passthrough mode:

"When trying to use 'Passthrough' mode on MG, the MX95 WAN 2 uplink status is 'Failed'. and connection to MX is not working at all.

Why MG is not forwarding the IP address provided by the carrier to MX in 'Passthrough' mode?"

alemabrahao
Kind of a big deal

It was not clear how the MX operated. I'm not a native English speaker, so the lack of details sometimes makes it difficult.


This is how the connection is built.
WAN 1 is the primary uplink, but the MG51 is connected directly to the MXs as a failover WAN.

Jyrki_Halonen_1-1709042419677.png

Mustafa_Taqi
Meraki Employee

The Non-Meraki VPN tunnel will only be established between the Active WAN interface and the configured non-Meraki VPN peer. Typically, the WAN1 interface is the Primary interface, and assuming it is up, it will be considered the active interface, and the Non-Meraki VPN tunnel will be established over WAN 1 only (Port 3) and not WAN2 (Port 4). The MX will try to establish the VPN tunnel to the Non-Meraki Peer if WAN1 fails or if WAN2 is the Primary connection. You can change which WAN interface is the Primary interface on the "Security & SD-WAN > Configure > SD-WAN & Traffic Shaping" Page. 
