Howdy Meraki Community,

I have a pair of MX250 as a primary warm-HA pair in routed mode, performing NAT, IPS etc. Looking to deploy another MX95 pair to a smaller remote office branch. The branch site is across the Atlantic Ocean, and requires local pre-configuration and deployment prior to being sent, and ultimately delivered to site.

With no spare uplink, I decided to interface the MX95 pair to our core switch stack, utilising VLAN / routing configuration to forward traffic outbound to our primary gateways,Internet connection established (can be seen through the LAN setup menu). Rather than breaking an uplink to MX250 pair, I decided to 1:Many NAT the internal RFC1918 addresses assigned to the Internet (WAN) Interfaces on the MX95 pair. Each device has it's own, unique private address, which is then Nat'd to a unique static public IP address, using ports 7351 (UDP) and 7734 (TCP) to the Meraki confirmed Cloud ranges (as below);

64.62.142.12/32
209.206.48.0/20
216.157.128.0/20
158.115.128.0/19

MX95 pair are not able to communicate with the Meraki Cloud, despite my configuration attempts. Any advice / suggestions relating to configuring MX's behind another MX Firewall pair already in production, simply for configuration purposes is appreciated.

My only other thought, is that I configure the claimed devices within the Meraki Portal, and simply do a big-bang switch over, pulling the old Firewall NTE / uplink and hard-wiring this in after I have finished the configuration.

With thanks in advance,