cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX64 without Static Public IP?

SOLVED
New here

MX64 without Static Public IP?

 

Hello first time poster here, setting up a MX64 to install in a few days and i have a question regarding NAT, do i need to have a static public IP ? with other routers i can just open the ports and not worry about this.

 

 

For example: i need to have an address in Public IP or else i get:

 

There were errors in saving this configuration:

https://ibb.co/JsxwrxD

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: MX64 without Static Public IP?

If I understand correctly, you actually have a public IP address but it is dynamic.

 

You need to configure port forwarding instead of 1:1 or 1:many NAT (they are for when you have a block IP addresses allocated to you).

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Port_forwardin... 

 

You can the combined this with the dynamic DNS feature.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

6 REPLIES 6
Head in the Cloud

Re: MX64 without Static Public IP?

Are you just port forwarding? Then you can use a dynamic IP from your ISP, then setup CNAME records that point to the dynamic DNS name that Meraki provides.

If you need 1:1 NAT, you will of course need a pool of static IPs.

New here

Re: MX64 without Static Public IP?

Yes im port forwarding to various devices, my ISP provides a non static IP, from what i understand i have to specify a fixed IP which i curently dont have. Is it a requisite for port forwarding on MX device?
Head in the Cloud

Re: MX64 without Static Public IP?

Your internal devices should have a static IP. I prefer DHCP w/ reservations always and forever, but static assigned to your internal device is fine.

 

Otherwise, from what I understand, the MX itself doesn't really care if it's getting a DHCP IP on WAN or if it has a static. 

 

Static IPs are typically preferred to maintain consistent access. If you're okay with having the occasional outage as DNS catches up, you can use the dynamic DNS record and CNAMEs. 

 

If you want something that's up whenever your firewall is up, then you really should rent a static IP from your ISP.

Highlighted
Kind of a big deal

Re: MX64 without Static Public IP?

If I understand correctly, you actually have a public IP address but it is dynamic.

 

You need to configure port forwarding instead of 1:1 or 1:many NAT (they are for when you have a block IP addresses allocated to you).

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#Port_forwardin... 

 

You can the combined this with the dynamic DNS feature.

https://documentation.meraki.com/MX/Other_Topics/Dynamic_DNS_(DDNS) 

New here

Re: MX64 without Static Public IP?

Thanks Philip, that was the solution, i didnt see that i had incorrectly selected NAT  when i actualy wanted port forward. Thanks!

New here

Re: MX64 without Static Public IP?

No need for a USB-to-console-dingus to get access to the unit locally .

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.