Meraki with no access to Internet on WAN interface

radcio
Conversationalist

I am contemplating buying some MX boxes for some remote firewalls. Our current setup is that the WAN will be a connection to another business without Internet access. Internet access is accessible via the LAN interface. Is this possible? The basic question is: must the MX communicate with the web via the WAN interface?

Default route will go out the LAN interface, with only a couple specific route statements going out the WAN interface. 

PhilipDAth
Kind of a big deal

The MX must be able to communicate with the internet via the WAN port.

If all WAN sites will have an MX then you could plug the WAN circuits into the WAN ports and use AutoVPN.

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Site-to-site_VPN_over_MPLS

radcio
Conversationalist

We connect to the sites via Layer 2 private fiber, so there isn't really a way to VPN. We would have to VPN to ourselves.

What's the purpose that you're looking at MX appliances for this design? I.e., what features are you looking to use?

Eliot F | Simplifying IT with Cloud Solutions

We just need firewall/ACL. Currently, we are firewalling at corporate using ASAs. Since we have servers at the remote site, I would like to put a firewall at the remote site instead of firewalling at corporate. I have a server and a few PCs at the remote site. Currently, I just have a layer 3 switch at the remote site. One VLAN for my network and one VLAN for the remote facility network (connected to their firewall). Right now, anything at the remote site can hit that server and PCs but my corporate LAN is firewalled. I have purchased ASAs to place at the site, but a VAR was on site last week and asked that I look at the MXs. It sounds like if they connect to Meraki via the WAN interface, Meraki will not work for this scenario.

Why don't you look at re-architecting? Have you looked at having an SD-WAN architecture with the ability to create an SD-WAN overlay over your private underlay and also allowing localized internet breakout for SaaS and Internet traffic?

Eliot F | Simplifying IT with Cloud Solutions