MX with no local internet breakout
Greetings!
I have an interesting tbc scenario in which an MX won't have anything connected to WAN1 or WAN2 or USB cellular (until NBN is installed).
However, there will be an MPLS link connected to a LAN port. The MPLS will provide site to site connectivity. The HQ which hangs off the MPLS has a proxy server and a local internet breakout.
I wish to deploy an MX in this fashion whilst leveraging the proxy server at the HQ not only for the MX management but for clients on the LAN.
This would be the mode of operation until the NBN service is installed.
Seeking some clarification that this would work. Not sure how the MX will behave if there is nothing connected to WAN1 / WAN2 or cellular.
Anyone had any exposure to this in the field?
Thanks in advance
Hello @General-Zod ,
I think the MX will be online as long as cloud communication via the proxy in HQ is available, though both Internet interfaces would be marked as failed until WAN services are provided.
If you create a static route to the proxy's segment toward the MPLS service, clients can access the proxy server and internet access would be available.
Have a try and hope you can give internet access for the clients via MPLS & proxy until internet services are provided to the MX!
Thanks @HitoshiH
Was hoping someone else in the field had actually tried this already, saving me being the guinea pig.
I will have to set up a lab otherwise, thought I'd try here first though.
Thanks
AutoVPN is guaranteed not to work. But it doesn't sound like you need this.
We need someone to test this. Does the proxy support connections via the LAN interfaces only (as opposed to proxy via the WAN interfaces)?
https://documentation.meraki.com/MX/Installation_Guides/MX64_Installation_Guide#Web_proxy_settings
An option that will work is to use the MX in pass-through or transparent mode, where it operates like a layer 2 switch.
You would need to re-configure it again when you get your NBN circuit.
Thanks @PhilipDAth
RE: Proxy, that is exactly what I want to confirm.
Passthrough no go, as the MX will be the MPLS router itself, so must be in routed mode. Could use WAN1 for MPLS but then it will NAT which isn't ideal for site to site traffic. Arrrrhh
When is the No-NAT feature going gold again? This would solve this issue and many others I have.
Cheers
My money is on this not working. AFAIK MX requires a cloud connection on a WAN port, not a LAN port. But, interesting question and not one I can test myself so following this for an answer 🙂
After raising a ticket I got the following:
This is not a supported design for MX devices.
MX may still be able to pass the traffic on the LAN side without any WAN or cellular connections.
However, there will be no visibility of the configuration and operation of the device, and you will not be able to modify any configurations.
Please review this documentation regarding the behavior of the MX when it loses access to the Meraki Cloud. Thanks!
https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Behavior_during_Conn...
Good to know!
Cheers
Why not use firmware 15.x and enable no NAT? We use it for our 1500 user site to site SD-WAN over MPLS?
Hi @cmr
As the 15.x release is in BETA, support will be limited and it won't fly with the customer. Glad it's functional for you though.
Cheers
@General-Zod I understand your reservations as an integrator (we are lucky in that we are the customer) but I would say that we have found the opposite, in that support often push to use a beta...!
We have even been mixing 15.14, 15, 18 and 20 in the same SD-WAN...
@cmr wrote: Why not use firmware 15.x and enable no NAT? We use it for our 1500 user site to site SD-WAN over MPLS?
Can this issue be fixed with the declaration from @cmr?
I mean, that a WAN-Interface configured with NO-NAT reaching over MPLS (central Internet-Breakout) the Meraki Cloud for the Control-Traffic, etc.?!