Meraki

Community

Meraki MX84 NATS not working

Solved
GWOODFPCN
Here to help
‎Sep 11 2018 8:20 PM
‎Sep 11 2018 8:20 PM

Meraki MX84 NATS not working

i have purchased a MX84 to be our internet traffic only Firewall - Connected to Comcast Business internet.

 

It is currently Connected to a EWIC Nic port on my Cisco 1921 router -

 

My main Router connection goes to my MPLS and local LAN.   I have added routes on the router to send any undefined IP's to the mx84 for internet and it works great..  

 

My issue is my NATs Don't work -  I have added the static routes on the MX84 telling it to go to the cisco router interface for all my internal IP address ranges.   

 

I can ping from firewall - from my Server and ping the server from the firewall, but not from the outside Ip address.  I know the address is good cause I changed my firewall WAN link to that address and it works.

 

Am I missing something on my MX84 -  Sorry I am new to Meraki Firewalls -  I have Meraki Switches and access point throughout my company.

 

 

0 Kudos
1 Accepted Solution
In response to jdsilva
GWOODFPCN
Here to help
‎Sep 12 2018 7:19 AM
‎Sep 12 2018 7:19 AM

Yup - we just threw it on to test.  I am working now...  Figure out the issue.  We have 2 internet connection and the routing was messed up at the Router..  We are online.. thanks,

View solution in original post

14 Replies 14
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 11 2018 8:34 PM
‎Sep 11 2018 8:34 PM

My first guess is Windows Firewall is blocking it. Try disabling and see if the behaviour changes.

0 Kudos
In response to PhilipDAth
GWOODFPCN
Here to help
‎Sep 11 2018 8:36 PM
‎Sep 11 2018 8:36 PM

Windows Firewall is off.  

0 Kudos
In response to GWOODFPCN
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 11 2018 8:40 PM
‎Sep 11 2018 8:40 PM

Can you show a screen shot of your NAT config?

0 Kudos
In response to PhilipDAth
GWOODFPCN
Here to help
‎Sep 11 2018 8:46 PM
‎Sep 11 2018 8:46 PM

Capture.JPG

0 Kudos
In response to GWOODFPCN
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 11 2018 8:51 PM
‎Sep 11 2018 8:51 PM

And 74.95.183.209 is not your WAN IP, correct?

 

If you do a packet capture on "Internet 1" do you see traffic hitting 74.95.183.209 (that you have generated from another Internet connection)?

0 Kudos
In response to PhilipDAth
GWOODFPCN
Here to help
‎Sep 11 2018 8:56 PM
‎Sep 11 2018 8:56 PM

My Wan IP of the firewall is .213

 

i do see traffic for .209 and I see the internal IP of the server.  Just no website.  

 

There has to be something I am missing

0 Kudos
In response to GWOODFPCN
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 11 2018 9:03 PM
‎Sep 11 2018 9:03 PM

And the server definitely has the IP 10.1.1.254?

 

Internally can you browse to http://10.1.1.254 ?

0 Kudos
In response to PhilipDAth
GWOODFPCN
Here to help
‎Sep 11 2018 9:10 PM
‎Sep 11 2018 9:10 PM

Yup comes right up internally.  I see some arp requests asking who is 74.95.183.209 and I did see a MAC address response.

 

But no website 

0 Kudos
In response to GWOODFPCN
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 11 2018 9:17 PM
‎Sep 11 2018 9:17 PM

Are you sure the default gateway for 10.1.1.254 points to the MX?

0 Kudos
In response to PhilipDAth
GWOODFPCN
Here to help
‎Sep 12 2018 6:14 AM
‎Sep 12 2018 6:14 AM

Here is a quick idea of what my network looks like - IP addresses differ internally.  Sorry the firewall IP is 192.168.25.2

Meraki.jpg

0 Kudos
In response to GWOODFPCN
Adam
Kind of a big deal
‎Sep 12 2018 6:25 AM
‎Sep 12 2018 6:25 AM

Which one is the MX in the diagram?  Anyways I'd recommend starting a ping to 74.95.183.209 from the outside.  Then you'll need to run some captures.  First on the outside and inside interface of your Firewall to make sure the pings are getting there and through.  Then on the outside (internet) interface of your MX.  My guess is that the traffic isn't making isn't routing properly on that 1921 as expected.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
GWOODFPCN
Here to help
‎Sep 12 2018 6:26 AM
‎Sep 12 2018 6:26 AM

Sorry the Meraki MX84 is the Firewall in the photo

0 Kudos
In response to GWOODFPCN
jdsilva
Kind of a big deal
‎Sep 12 2018 7:17 AM
‎Sep 12 2018 7:17 AM

Sonicwall???

 

image.png

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to jdsilva
GWOODFPCN
Here to help
‎Sep 12 2018 7:19 AM
‎Sep 12 2018 7:19 AM

Yup - we just threw it on to test.  I am working now...  Figure out the issue.  We have 2 internet connection and the routing was messed up at the Router..  We are online.. thanks,

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.