Hi everyone,
I would like to setup MX84 Firewall HA in one-armed concentrator mode and at this point, I'm very confused with provided documentation, and I hope you guys can help me.
Is it possible to use the private IP range for VRRP instead of public? To send traffic over the VPN tunnel, a new route must be added on the L3 switch. Does this mean I have to create a static route to the public VRRP address?
Here is my topology :
Thanks
you can use private adresses. it just need to be able to connect to the meraki cloud.
apendix1 https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide
you could also use bgp for exchanging routes in your dc
Hello @Azamat, Does the primary and the spare MXs have public IPs directly assigned to them on the WAN interface? If so, you need to use a public IP in the same subnet as the uplink IPs for the virtual IP. If you are using private IPs as WAN IPs for the MXs then you can use a private IP in the same subnet as the WAN IPs as a virtual IP.
Regarding the static route, the static route needs to be created on the upstream core switch pointing towards the Virtual IP it can be public or private depending on what you are using.
Let me know if you have any questions.
Cheers!
Raj
Hi, @Raj66 thanks for the help. Yes, MXs have a public IPs and I successfully configured VRRP. I have another issue, however, I've created a static route on upstream L3 switch to VRRP virtual IP, but the route is not showing up in a routing table, but I can see it in the configuration, hence I'm not able to reach the branch offices. What could be the problem? IP routing is enabled on a switch and I'm able to route between, my VLANs. The model is Cisco 9500.
Thanks!
Hi, @Azamat
Chances are there is already a route in the routing table with a lower cost/AD to the destination, therefore it will use that by default. Check to see if you have a default route or a direct connect. I use OSPF with our one armed concentrator and it works very well. Something to think about as it's much easier to scale.