Network Policy Server VPN authentication weird ip address
All my clients who vpn in are authenticated also through our Network Policy Server. When I look in the event viewer, all the requests have an NAS ipv4 of 126.96.36.199 address. Is this something from Meraki? When I look it up it is an address in Colorado. Should I be concerned about this?
I took a quick look at the NPS logs for a client of mine. Their requests also originate from a 188.8.131.52/8 IP address. I'd be willing to bet that this is due to communication with the Meraki cloud but I have no proof.
I have an MV72 that displays this behavior too. I have both the wired and wireless interfaces active on it, and it generates IP conflicts from time to time. I never posted about it here, or opened a case, but I did throw it out to the Twitterverse to for comments.
This is a old discussion but since I've seen a number of cases on Meraki Support I decided to give this topic a bump up.
TL/DR: if you seen traffic like RADIUS, Netflow, SYSLOG, access requests, etc coming from your MX with IP 6.x.y.z it's ok if your MX is in Pass Through mode or it just have one single VLAN.
According to this official document , MX devices which operate in Pass-through mode or just have on single VLAN pick an address from range 6.x.y.z only for certain types of traffic. "When in Passthrough or Routed/NAT mode in Single LAN the MX will source traffic from a 6.X.X.X address for services such as Syslog, Netflow, RADIUS access requests and potentially others." 
Meraki also uses a public IP in the NAS field when AP's and Switches probes the radius server to see if it is alive. Meraki also uses public IPs for BGP router ID's when enabling BGP and for the APs when they are in mesh.
It's really strange to see these public IPs show up at seemingly random places.