MX HA to Vendor LAN

MJHogan
Just browsing

MX HA to Vendor LAN

Is it possible to configure a MX84 with HA and IPS to directly connect to our vendors LAN without using a VPN? We share the same physical space, but our networks and infrastructure are completely separate. We only need to access a couple of business applications on their side. I'm assuming we would treat them as if they were an ISP, but I feel I'm missing something?

 

Any help will be appreciated.

 

Thanks,

2 Replies 2
ww
Kind of a big deal
Kind of a big deal

Would use a transit subnet/vlan on the lan side and then set static routes. IPS  also work between vlans.  make sure to get firewall rules in place to allow only necessary traffic sourcing from your side, deny incoming from there IP's

 

If they where behind the wan interface you have challenges like default route-flow preferences, nat,  and you need internet connection on that interface

MJHogan
Just browsing

Just so I'm asking correctly, We are basically wanting to configure the environment like the second example in this Meraki document 

 

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

 

Except, instead of going out to the Internet, we will be going into our Vendor's router and have a second MX as a spare. I assume one of Internet ports on the MX will be used for the Vendor router and the other will go into our LAN, which will have access to the Internet.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels