Meraki MX Port Forward Design Question

SOLVED
ToryDav
Getting noticed

Meraki MX Port Forward Design Question

Hello !

I have a design question regarding a port forward and a multi-wan set-up using Meraki MX. Lets say I have an MX with a triple WAN set-up.

Below shows the proposed idea.

ToryDav_1-1627953745959.png


With port forwarding, It looks like I may only be able to configure dual WAN port forwarding, see the below example:

ToryDav_0-1627953630721.png
My confusion lies within the complexity of the port forwarding. With the two devices above is this even possible when configuring the port forwarding onto the MX? 

It seems pretty straight-forward for two WANs, but since WAN 2 port on the MX will connect to the CP E300 router, it will actually be given a private IP, the E300 router will be the gateway which then connects to the WAN 2 + Cellular.

In this scenario, how can I ensure the port forwarding works regardless of whether we have failed over from WAN 1 onto WAN 2 or LTE?


1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal

You'll have to configure matching back to back NAT's on the E300.

View solution in original post

2 REPLIES 2
rymiles
Meraki Employee

i'd have to test to see what it does. however, wan 2 of the mx i assume would be the comcast/cradlepoint wan IP under normal conditions? then if comcast fails the wan IP of the cradlepoint would now be the cell carrier IP?

 

but it would seem you're going to need port forwarding also on that cp device?

 

and perhaps not possible due to install location. but, could you instead land comcast on wan2 and use a usb modem connected to the mx250? that would eliminate the dual nat issue that appears would be the case when the CP is in front of the mx.

PhilipDAth
Kind of a big deal

You'll have to configure matching back to back NAT's on the E300.

View solution in original post

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels