New MX64 not passing traffic to outside

Mr_Slow
Just browsing

New MX64 not passing traffic to outside

Hi,

 

I attempted to deploy an MX64 earlier today and failed miserably, clients were issued an IP address as expected, however no traffic ever hit the internet.

 

Is there a trick to get the PAT/hide NAT working correctly?

 

The MX could ping Google etc fine and I'm managing the device visa the cloud dashboard with no issues..

 

Firewall rules were all left to default, so I can't see those being an issue.

 

Basically there's so little to configure on the device I don't know what I can do to try to resolve, a typical ASA etc would be easier for me personally to fix!

 

Any tips or pointers much appreciated

 

Cheers

 

Rich

9 REPLIES 9
SoCalRacer
Kind of a big deal

It kind of sounds like this wasn't a brand new device, is that the case?

 

In the dashboard possibly check the change log, to see if someone made some changes that could affect connectivity

 

The devices that were issued IPs can you ping them from the MX Tools? 

 

The devices that were issues IPs can they ping 8.8.8.8?

 

 

Yeah it is a new device.

the Meraki can ping the devices that are issued IP's and similarly the devices can ping the gateway IP on the MX, but no client can get beyond that point.

It screams NAT not working, or a rule blocking to me, but there's nowhere for me to configure the former, and the latter is all on the defaults, i.e. anything can go out!
AjitKumar
Head in the Cloud

Hi Rich,

Meraki MXes (Security Appliances) by default NAT the traffic. We need not do any special configuration for this.

MX can ping google. How about clients? How about traceroute on clients?

If the internet is working.

and

the MX is not blocking?

the PCs native firewall is not blocking?

any other 3rd party product is not blocking?

 

Clients shall reach internet. [You may try plugging PC directly on MX if already not]

 

Also as @SoCalRacer suggested kindly recheck the DNS Server settings and reach ability on clients.

 

Network-wide > Event log could be a place to monitor the logs on the Meraki Dashboard.

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

MX can ping google. How about clients? How about traceroute on clients?

Clients can't ping google, traceroute from a client stops at the MX

If the internet is working.

and

the MX is not blocking?
As far as I can tell it's not. Firewall rules are as set out of the box, so anything is allowed out.

the PCs native firewall is not blocking?
Turned off

any other 3rd party product is not blocking?
No, same issue with IP phones, Linux machines, Windows machines etc. It's not a client issue.

PhilipDAth
Kind of a big deal
Kind of a big deal

Are you plugging directly into the MX, or something else (like a switch) and then the MX?

 

If something else, are you using VLANs on the MX?  Have you got a matching VLAN config on the switch?

 

Can clients ping the MX default gateway?

 

Can clients ping the Internet by IP address (such as ping 8.8.8.8)?

Are you plugging directly into the MX, or something else (like a switch) and then the MX?

Tried both ways, either with a trunk port to a switch, or with one of the ports configured for access. In both instances devices are issued an IP and connectivity to the MX is fine, the issue is getting beyond the MX.

 

 

 

If something else, are you using VLANs on the MX?  Have you got a matching VLAN config on the switch?

See above, if there were mismatching VLANS, clients wouldn't be able to ping the MX.

 

Can clients ping the MX default gateway?

Yes

 

Can clients ping the Internet by IP address (such as ping 8.8.8.8)?

Nope

I know this is old, but did you ever resolve this?

 

I'm experiencing the same issue right now and Meraki tech can't seem to figure it out.

stephon_a_it
Just browsing

Yea was there a resolution to this? I'm dealing with the issue now as well at a customer site. I factory reset it and re-added the static IPs and still nothing--online but can't reach 8.8.8.8. 

GIdenJoe
Kind of a big deal
Kind of a big deal

If your MX can reach the cloud then you should be able to do packet captures on your MX.  So you could start a ping to some online IP and capture from LAN side of MX.  Then capture again from Internet side of MX and see what happens.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels