MX 84 config question

Solved
jrsilvius

We recently requested a /28 network from our ISP. Previously we had 5 static addresses and they provided the gateway, so we had one address for our Virtual IP and one for each of our MX 84s (set up for HA), and 2 for our web services. Now they are telling us we have to provide our own gateway. I know on a Cisco router I can set up one interface with the WAN address they give me, one interface with the address out of my /28 block for a gateway, and then set routing for 0.0.0.0/0 to the WAN interface. Then set my MX devices up like they currently are with the new addresses pointing at this edge router. But I was wondering if there is anything I can do on the MX to avoid adding an edge router or layer 3 switch to do the routing?

1 Accepted Solution
GIdenJoe

No, you need a router in between.

The ISP will probably have a private subnet behind their modem or some PPPoE-ish config you'll have to configure on the WAN side of your router. And the ISP will have a route to the /28 they provisioned for you pointing to the WAN side of your router.

Then on the LAN side of your router you will have the /28 subnet where usually the first IP is given to the router's interface and 3 more are used for your HA pair and vIP. So you'll have 11 addresses for various NAT'ed services.

Some other vendors allow you to configure a private IP on your WAN interface and then just use a public range as NAT'ed range to point to your internal services. With Meraki, however, you need to have an actual interface in the same subnet as your NAT'ed range. Possibly because the Meraki will only support doing ARP replies on behalf of the NAT ranges and not route these internally.

2 Replies

Thanks for confirming. We've had to do this in a couple other locations, but I wanted to make sure I wasn't missing something.

I appreciate the confirmation of my other setups.
