Meraki MX84 NATS not working

Solved
GWOODFPCN
Here to help

Meraki MX84 NATS not working

i have purchased a MX84 to be our internet traffic only Firewall - Connected to Comcast Business internet.

 

It is currently Connected to a EWIC Nic port on my Cisco 1921 router -

 

My main Router connection goes to my MPLS and local LAN.   I have added routes on the router to send any undefined IP's to the mx84 for internet and it works great..  

 

My issue is my NATs Don't work -  I have added the static routes on the MX84 telling it to go to the cisco router interface for all my internal IP address ranges.   

 

I can ping from firewall - from my Server and ping the server from the firewall, but not from the outside Ip address.  I know the address is good cause I changed my firewall WAN link to that address and it works.

 

Am I missing something on my MX84 -  Sorry I am new to Meraki Firewalls -  I have Meraki Switches and access point throughout my company.

 

 

1 Accepted Solution
GWOODFPCN
Here to help

Yup - we just threw it on to test.  I am working now...  Figure out the issue.  We have 2 internet connection and the routing was messed up at the Router..  We are online.. thanks,

View solution in original post

14 Replies 14
PhilipDAth
Kind of a big deal
Kind of a big deal

My first guess is Windows Firewall is blocking it. Try disabling and see if the behaviour changes.

GWOODFPCN
Here to help

Windows Firewall is off.  

PhilipDAth
Kind of a big deal
Kind of a big deal

Can you show a screen shot of your NAT config?

GWOODFPCN
Here to help

Capture.JPG

PhilipDAth
Kind of a big deal
Kind of a big deal

And 74.95.183.209 is not your WAN IP, correct?

 

If you do a packet capture on "Internet 1" do you see traffic hitting 74.95.183.209 (that you have generated from another Internet connection)?

GWOODFPCN
Here to help

My Wan IP of the firewall is .213

 

i do see traffic for .209 and I see the internal IP of the server.  Just no website.  

 

There has to be something I am missing

PhilipDAth
Kind of a big deal
Kind of a big deal

And the server definitely has the IP 10.1.1.254?

 

Internally can you browse to http://10.1.1.254 ?

GWOODFPCN
Here to help

Yup comes right up internally.  I see some arp requests asking who is 74.95.183.209 and I did see a MAC address response.

 

But no website 

PhilipDAth
Kind of a big deal
Kind of a big deal

Are you sure the default gateway for 10.1.1.254 points to the MX?

GWOODFPCN
Here to help

Here is a quick idea of what my network looks like - IP addresses differ internally.  Sorry the firewall IP is 192.168.25.2

Meraki.jpg

Adam
Kind of a big deal

Which one is the MX in the diagram?  Anyways I'd recommend starting a ping to 74.95.183.209 from the outside.  Then you'll need to run some captures.  First on the outside and inside interface of your Firewall to make sure the pings are getting there and through.  Then on the outside (internet) interface of your MX.  My guess is that the traffic isn't making isn't routing properly on that 1921 as expected.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
GWOODFPCN
Here to help

Sorry the Meraki MX84 is the Firewall in the photo

jdsilva
Kind of a big deal

GWOODFPCN
Here to help

Yup - we just threw it on to test.  I am working now...  Figure out the issue.  We have 2 internet connection and the routing was messed up at the Router..  We are online.. thanks,

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels