MX 67 Behind ASA 55 series

reytrevino
New here


Hi all, I am new to the Meraki world, and we have implemented a setup to allow an MX 67 as a VPN concentrator using a local IP. This IP is routed from the core switch to an ASA to access the public side. My question is for security reasons: the ASA has a rule to allow the MX 67 local IP to access any IPv4.

 

Incoming Rule

Meraki MX67 -> any4 - Protocol IP

 

Is there a set of public IPs that Meraki uses, so that this access can be restricted to specific ones?

 

Thank you

 

 

Sushil
Meraki Employee

Please refer to this link for details: https://documentation.meraki.com/General_Administration/Other_Topics/Upstream_Firewall_Rules_for_Clo...

 

Also, on the Meraki Dashboard, navigate to 'Help > Firewall info' for details on upstream FW rule requirements.

Bruce
Kind of a big deal

Yes, there is. As you've implemented the MX as a VPN Concentrator, I'm assuming you are going to be using AutoVPN to connect to remote sites. So, some of the destinations will be the branch offices that you are connecting to in order to set up the AutoVPN; the other destinations will be the Meraki Cloud and the Meraki VPN Registry. You can find the IP address and ports for these from the Dashboard: go to 'Help' (towards the top right of the Dashboard), and then 'Firewall Info'.

 

Generally since the traffic is all outbound initiated on the MX you can normally have your firewall rules to just allow all outbound from the MX. But I understand that sometimes there is a need to be more restrictive than that, and the above should give you all the information you require.
