Meraki Community

3ffdot · ‎Feb 27 2018

I have an MX84 in passthrough mode. The "internet" port is connected to my Layer 3 Cisco switch and port 3 is connected to my ASA. Traffic passes through just fine however on the client list, it seems to only be showing external IP addresses and nothing coming from my internal LAN. The only internal IP that it shows is the IP of my ASA. I need to be able to select clients in order to test the content filtering with the Active Directory groups.

Adam · ‎Feb 27 2018

So the LAN side is going to your ASA? and Internet is going out through the Layer 3 switch? If that is the case I'm not sure you'll see client data since the ASA will show all data leaving it as itself. I think you'd need the MX behind the ASA unless I'm not understating your topology.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

PhilipDAth · ‎Feb 28 2018

@Adam is correct.

3ffdot · ‎Feb 28 2018

I traced the cables and changed the physical connections. L3 now goes into the MX and then to the ASA. Thanks for your response.

MRCUR · ‎Feb 27 2018

I agree with @Adam. It sounds like the MX and ASA are doing exactly what would be expected given the topology you explained. Your ASA is doing NAT/firewalling behind the MX, so the MX sees the ASA as the only LAN client.

Have you considered putting the MX behind the ASA (but in front of your core switch)?

MRCUR | CMNO #12

Meraki Community

MX84 Connection to ASA and Layer 3 Switch

MX84 Connection to ASA and Layer 3 Switch