Meraki

Community

MX Concentrator had a public IP to get to local status page...?

Solved
yaypingworks
Here to help
yesterday
yesterday

MX Concentrator had a public IP to get to local status page...?

We have an MX105 concentrator for our sites, we were doing nessus scans and were getting results for RFC 1918 addresses that dont exist in any of our subnets (nor were they found on client list)...

 

Looking at the nessus trace route for one of these bogus addresses, we would see the final hop would be a public IP address... we had no idea what it was, but after doing a port scan i found out it was a meraki device. I entered the public IP into my web browser and it went to the local status page of our concentrator. (only accessible internally and not externally)

 

That IP has no meaning to our organization. If anyone can provide insight as to why our concentrator is using this public IP address that would be appreciated.

0 Kudos
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Was it a 6.x.x.x address?

 

"When in Passthrough or Routed/NAT mode in Single LAN the MX will source traffic from a 6.X.X.X address for services such as Syslog, Netflow, RADIUS access requests and potentially others."

 

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

View solution in original post

1 Reply 1
ww
Kind of a big deal
Kind of a big deal
yesterday
yesterday

Was it a 6.x.x.x address?

 

"When in Passthrough or Routed/NAT mode in Single LAN the MX will source traffic from a 6.X.X.X address for services such as Syslog, Netflow, RADIUS access requests and potentially others."

 

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.