Meraki MX multiple /29 Public Blocks

Solved
Sarv
Getting noticed

Meraki MX multiple /29 Public Blocks

 

I just want to validate this configuration will work on the MX (latest firmware).

 

We have a need to get a second /29 public ip block from the same (Primary) ISP.  The MX will have a public IP on its WAN interface from the first /29 block. The 2nd /29 block from the same ISP will be used for NAT forwarding. Is this a valid configuration that will work with the MX (I know it works with other FW's), this second /29 will be not be contiguous with the first /29 block.

 

I believe this configuration will work but wanted to ask the community if there are any gotcha's.

 

Thanks

Sarvjit

1 Accepted Solution
KarstenI
Kind of a big deal
Kind of a big deal

As already mentioned, no problem with this setup. If your MX is the only device to use this IP subnet, you can ask the ISP to route it to your MX IP. It's slightly more secure and you get one more usable IP.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

4 Replies 4
Bruce
Kind of a big deal

Yes this should work fine. Note that the PAT that The MX performs will always use the address assigned to the WAN interface. The addresses in the additional /29 can be used to 1:1 NAT, or 1:many NAT configured through the Dashboard.

Sarv
Getting noticed

Thanks Bruce

KarstenI
Kind of a big deal
Kind of a big deal

As already mentioned, no problem with this setup. If your MX is the only device to use this IP subnet, you can ask the ISP to route it to your MX IP. It's slightly more secure and you get one more usable IP.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Sarv
Getting noticed

Thank you. 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels