Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX75 HA question

JFridolf-Iver
Conversationalist
‎Mar 22 2023 1:57 AM
‎Mar 22 2023 1:57 AM

MX75 HA question

I was told recently that it should be no issue that have two MX75 in a HA (passive/ready) configuration with only 1 external IP address. 

 

So I bought two MX75 and started configuring them. 

 

As soon as I add the spare and set it to "MX IP", I rather immediately get a issue where it states that there is a duplicate IP configured and then the two firewalls takes turn on being primary/spare. 

 

Is it so that this can't be done and I have to do it "old style" where each of the MX has there own external IP?

 

Are there any other options? 

 

For reference I have connected it all as per following drawing: 

JFridolfIver_0-1679475463340.png

 

0 Kudos
Subscribe
3 Replies 3
Brash
Kind of a big deal
Kind of a big deal
‎Mar 22 2023 2:13 AM
‎Mar 22 2023 2:13 AM

HA with routed MX's is definitely achievable with just the one IP shared between the two MX's.

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair#Routed_...

 

It sounds like you're not configuring HA correctly. It's hard to tell from your diagram but do you have a LAN connection from both of the MX's to share VRRP heartbeats?

0 Kudos
Subscribe
In response to Brash
JFridolf-Iver
Conversationalist
‎Mar 22 2023 2:38 AM
‎Mar 22 2023 2:38 AM

P2 on the MX is the "Internet 2" port (port 2)

These ports are then connected to each of the Switches

FW01-P2 > SW01-P3

FW02-P2 > SW02-P5

which is set to the same VLAN as the port containing the ISP (SW01-P1).

 

P4 and P5 on the MX are the "LAN ports", which are set to trunk as per usual. 

 

So they go to each of the Core-switches

FW1-P4 > SW01-P7

FW1-P5 > SW02-P8

 

FW2-P4 > SW01-P9

FW2-P5 > SW02-P10

 

(STP to protect the network from loops)

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 22 2023 2:20 AM
‎Mar 22 2023 2:20 AM

You can use a Nated IP for Wan interface, I did it a few times and worked well.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.