Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX Load balancing dual wan with port forwarding question

Solved
ToryDav
Building a reputation
‎Aug 6 2021 6:16 AM
‎Aug 6 2021 6:16 AM

Meraki MX Load balancing dual wan with port forwarding question

Hi!

I'm looking for some clarification on this question:

If I have an MX with 2 WANs set to load-balance and configure my port forwarding to use "BOTH" uplinks, would this essentially make my ports exposed on both public IPs of each wan?

I don't need the port forwarding to work on both IPs at the same time, but I am just curious to know, in this configuration, would it?

Thanks,
Tory

Labels:
0 Kudos
Subscribe
1 Accepted Solution
Bruce
Kind of a big deal
‎Aug 6 2021 2:22 PM
‎Aug 6 2021 2:22 PM

Yes, if you’ve configured port forwarding for ‘both’ uplinks then the configured port is open on both WAN links (via their associated IP addresses). Obviously you can limit the public IP addresses from which those ports can be accessed through the ‘allowed remote IPs’ field.

View solution in original post

Subscribe
5 Replies 5
Bruce
Kind of a big deal
‎Aug 6 2021 2:22 PM
‎Aug 6 2021 2:22 PM

Yes, if you’ve configured port forwarding for ‘both’ uplinks then the configured port is open on both WAN links (via their associated IP addresses). Obviously you can limit the public IP addresses from which those ports can be accessed through the ‘allowed remote IPs’ field.

Subscribe
In response to Bruce
np
New here
‎Mar 23 2022 12:13 PM
‎Mar 23 2022 12:13 PM

Bruce,

 

I have a question regarding link aggregation.

we are setting up s2s vpn using MX105, which has dual WAN connection.

we are planning to put MX105 behind our company firewall and MX will be using our company owned public IP address space instead of connecting directly to ISP.

since we are planning to use both WAN interface, will MX105 allow as to use two different IP Addresses from same subnet? for example lets say we have 190.100.100.0/24 block which lives on firewall

on mx wan1 - I would assign 190.100.100.10/24 with gateway of 190.100.100.1

on mx wan2 - I would assign 190.100.100.11/24 with gateway of 190.100.100.1 

Would MX105 allow this configuration?

 

if not can we bundle WAN1 and WAN2 in portchannel of some sort and assign single ip address.

 

thanks in advance.

 

let me know if I need to post this question somewhere else.

Subscribe
In response to np
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Mar 23 2022 1:51 PM
‎Mar 23 2022 1:51 PM

You can simply use Load Balancing over your two WAN links: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Load_Balancing_and_Flow_Preferen...

Subscribe
In response to CptnCrnch
np
New here
‎Mar 23 2022 2:49 PM
‎Mar 23 2022 2:49 PM

Thanks for quick response. Let me add more details. we are implementing MX105 has one arm vpn concentrator. I found a documentation https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide

 

look at Appendix-1, which says An MX Security Appliance operating in one-armed concentrator mode sends and receives traffic on a singular interface. This interface will always be the the first Internet or WAN port on the unit. A secondary port is not supported when deployed as a VPN concentrator.

 

Does that mean load sharing using WAN2 interface is out of the picture now.

 

Thanks

Subscribe
In response to np
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Mar 24 2022 12:50 AM
‎Mar 24 2022 12:50 AM

Exactly. In VPN concentrator mode, only WAN 1 is useable.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.