MX64 without Static Public IP?

SOLVED
luis15pt
New here

MX64 without Static Public IP?

 

Hello first time poster here, setting up a MX64 to install in a few days and i have a question regarding NAT, do i need to have a static public IP ? with other routers i can just open the ports and not worry about this.

 

 

For example: i need to have an address in Public IP or else i get:

 

There were errors in saving this configuration:

https://ibb.co/JsxwrxD

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

If I understand correctly, you actually have a public IP address but it is dynamic.

 

You need to configure port forwarding instead of 1:1 or 1:many NAT (they are for when you have a block IP addresses allocated to you).

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Port_forwardin... 

 

You can the combined this with the dynamic DNS feature.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

View solution in original post

6 REPLIES 6
Nash
Kind of a big deal

Are you just port forwarding? Then you can use a dynamic IP from your ISP, then setup CNAME records that point to the dynamic DNS name that Meraki provides.

If you need 1:1 NAT, you will of course need a pool of static IPs.

Yes im port forwarding to various devices, my ISP provides a non static IP, from what i understand i have to specify a fixed IP which i curently dont have. Is it a requisite for port forwarding on MX device?
Nash
Kind of a big deal

Your internal devices should have a static IP. I prefer DHCP w/ reservations always and forever, but static assigned to your internal device is fine.

 

Otherwise, from what I understand, the MX itself doesn't really care if it's getting a DHCP IP on WAN or if it has a static. 

 

Static IPs are typically preferred to maintain consistent access. If you're okay with having the occasional outage as DNS catches up, you can use the dynamic DNS record and CNAMEs. 

 

If you want something that's up whenever your firewall is up, then you really should rent a static IP from your ISP.

PhilipDAth
Kind of a big deal
Kind of a big deal

If I understand correctly, you actually have a public IP address but it is dynamic.

 

You need to configure port forwarding instead of 1:1 or 1:many NAT (they are for when you have a block IP addresses allocated to you).

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Port_forwardin... 

 

You can the combined this with the dynamic DNS feature.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

Thanks Philip, that was the solution, i didnt see that i had incorrectly selected NAT  when i actualy wanted port forward. Thanks!

Hortencia1A
New here

No need for a USB-to-console-dingus to get access to the unit locally .

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels