Public IP Pool!

khurram
Here to help

Public IP Pool!

Hello Members,

 

I have purchased /24 Public IP Pool from my upstream service provider. UP link is 1st terminated in the switch and than one cable from the switch terminated on the WAN interface on MX and Public IP given on WAN interface and MX is online. 

 

Now my question is how do i use my rest of Public IP Pool through Meraki? I want Public IP Pool routed from meraki. 

 

Thank you

13 REPLIES 13
cmr
Kind of a big deal
Kind of a big deal

@khurram you use 1:1 NAT to map individual public IPs to individual internal private IP addresses.  Do you have a lot of internal servers that need public access?

thanks for the reply i do not want to assign private IP and use 1:1 Nat i want to assign Public IP to any device/server etc.

ww
Kind of a big deal
Kind of a big deal

Its also possible to use no nat. 

Not sure if you can use the wan ip and lan from same subnet. Or you have to break the subnet in smaller pieces.

DarrenOC
Kind of a big deal
Kind of a big deal

Passthrough mode on the MX. Your MX will just behave as a Layer 2 bridge

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
DarrenOC
Kind of a big deal
Kind of a big deal

As @cmr states, use 1:1 NAT to map public IPs to your internal addresses.

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Configuring_1%3A1_NAT

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
mljevakovic
Here to help

Hi,

did you try ip nat overload feature?

Maybe this link will help you.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

M

mljevakovic
Here to help

If you got public IP subnet for link as /30 subnet and the rest of you public IP address is pool /24 subnet Than you can just add that subnet to inside part (interface) to the rest of your network. In this case a ISP has route to this /24 pool of these public addresses via /30 subnet. You can use the rest of your pool as you want. Use it as the whole /24 subnet or divide it in smaller chunks of subnets for example 2x/25 sunets or 4x/26 subnets  etc..

M

If you have just the /24 and it is not routed via a stub, then as @DarrenOC says, you can use passthrough mode.

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian... 

 

Or as it @mljevakovic says, if you have a stub (/30 for example) and the /24 is routed via that then open a support ticket and request NO-NAT be enabled.  Then you'll see it under Security & SD-WAN/Addressing & VLANs.

PhilipDAth_0-1630266861352.png

 

 

 

Note that inbound traffic is not allowed by default.  If you want to be able to create inbound firewall rules as well also ask support to enable "L3 Inbound Rules".

Hello,

 

i have assigned Public IP e.g. 192.168.120.2  to my WAN interface and rest of the pool 192.168.120.5 to my LAN interface and also disable NAT on that interface but still i cannot access the IP from outside.

cmr
Kind of a big deal
Kind of a big deal

@khurram if you only have one subnet then you either need to divide it or put the MX in passthrough mode.  What subnet mask have you put on the WAN interface?

 

i.e. for routed mode

WAN 192.168.0.2 with subnet mask of 255.255.255.240

LAN 192.168.0.160 with subnet mask of 255.255.255.128

 

@cmr Yes i have divided the subnet.

WAN IP: 192.168.120.0/30

LAN IP: 192.168.120.4/29 etc....

 

but still i cannot access the IP 192.168.120.6 which is on device from outside.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

If you were going to break up your subnet like that then it would be:

192.168.120.0/30

192.168.120.4/30

192.168.120.8/29

 

And you would need to get 192.168.120.8/29 routed via your IP address in 192.168.120.0/30.  You would also need to open a support case and get inbound firewall rules enabled to allow the traffic in.  All traffic in that is not NATed is blocked by default.

 

 

Hello,

 

Yes i did the same as you mentioned and L3 Firewall is also enabled and allow any any is set but no effect. I'll be grateful to you if you share screenshots.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels