Meraki

Community

Public IP Pool!

khurram
Here to help
‎Aug 29 2021 7:30 AM
‎Aug 29 2021 7:30 AM

Public IP Pool!

Hello Members,

 

I have purchased /24 Public IP Pool from my upstream service provider. UP link is 1st terminated in the switch and than one cable from the switch terminated on the WAN interface on MX and Public IP given on WAN interface and MX is online. 

 

Now my question is how do i use my rest of Public IP Pool through Meraki? I want Public IP Pool routed from meraki. 

 

Thank you

0 Kudos
13 Replies 13
cmr
Kind of a big deal
Kind of a big deal
‎Aug 29 2021 9:07 AM
‎Aug 29 2021 9:07 AM

@khurram you use 1:1 NAT to map individual public IPs to individual internal private IP addresses.  Do you have a lot of internal servers that need public access?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to cmr
khurram
Here to help
‎Aug 29 2021 10:51 AM
‎Aug 29 2021 10:51 AM

thanks for the reply i do not want to assign private IP and use 1:1 Nat i want to assign Public IP to any device/server etc.

0 Kudos
In response to khurram
ww
Kind of a big deal
Kind of a big deal
‎Aug 29 2021 11:04 AM
‎Aug 29 2021 11:04 AM

Its also possible to use no nat. 

Not sure if you can use the wan ip and lan from same subnet. Or you have to break the subnet in smaller pieces.

In response to khurram
DarrenOC
Kind of a big deal
Kind of a big deal
‎Aug 29 2021 11:07 AM
‎Aug 29 2021 11:07 AM

Passthrough mode on the MX. Your MX will just behave as a Layer 2 bridge

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
DarrenOC
Kind of a big deal
Kind of a big deal
‎Aug 29 2021 9:28 AM
‎Aug 29 2021 9:28 AM

As @cmr states, use 1:1 NAT to map public IPs to your internal addresses.

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Configuring_1%3A1_NAT

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
mljevakovic
Here to help
‎Aug 29 2021 11:04 AM
‎Aug 29 2021 11:04 AM

Hi,

did you try ip nat overload feature?

Maybe this link will help you.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

M

0 Kudos
mljevakovic
Here to help
‎Aug 29 2021 11:12 AM
‎Aug 29 2021 11:12 AM

If you got public IP subnet for link as /30 subnet and the rest of you public IP address is pool /24 subnet Than you can just add that subnet to inside part (interface) to the rest of your network. In this case a ISP has route to this /24 pool of these public addresses via /30 subnet. You can use the rest of your pool as you want. Use it as the whole /24 subnet or divide it in smaller chunks of subnets for example 2x/25 sunets or 4x/26 subnets  etc..

M

0 Kudos
In response to mljevakovic
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 29 2021 12:53 PM
‎Aug 29 2021 12:53 PM

If you have just the /24 and it is not routed via a stub, then as @DarrenOC says, you can use passthrough mode.

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian... 

 

Or as it @mljevakovic says, if you have a stub (/30 for example) and the /24 is routed via that then open a support ticket and request NO-NAT be enabled.  Then you'll see it under Security & SD-WAN/Addressing & VLANs.

PhilipDAth_0-1630266861352.png

 

 

 

Note that inbound traffic is not allowed by default.  If you want to be able to create inbound firewall rules as well also ask support to enable "L3 Inbound Rules".

In response to PhilipDAth
khurram
Here to help
‎Sep 6 2021 7:38 AM
‎Sep 6 2021 7:38 AM

Hello,

 

i have assigned Public IP e.g. 192.168.120.2  to my WAN interface and rest of the pool 192.168.120.5 to my LAN interface and also disable NAT on that interface but still i cannot access the IP from outside.

0 Kudos
In response to khurram
cmr
Kind of a big deal
Kind of a big deal
‎Sep 6 2021 8:26 AM
‎Sep 6 2021 8:26 AM

@khurram if you only have one subnet then you either need to divide it or put the MX in passthrough mode.  What subnet mask have you put on the WAN interface?

 

i.e. for routed mode

WAN 192.168.0.2 with subnet mask of 255.255.255.240

LAN 192.168.0.160 with subnet mask of 255.255.255.128

 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
khurram
Here to help
‎Sep 6 2021 10:36 AM
‎Sep 6 2021 10:36 AM

@cmr Yes i have divided the subnet.

WAN IP: 192.168.120.0/30

LAN IP: 192.168.120.4/29 etc....

 

but still i cannot access the IP 192.168.120.6 which is on device from outside.

 

0 Kudos
In response to khurram
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 6 2021 1:45 PM
‎Sep 6 2021 1:45 PM

If you were going to break up your subnet like that then it would be:

192.168.120.0/30

192.168.120.4/30

192.168.120.8/29

 

And you would need to get 192.168.120.8/29 routed via your IP address in 192.168.120.0/30.  You would also need to open a support case and get inbound firewall rules enabled to allow the traffic in.  All traffic in that is not NATed is blocked by default.

 

 

0 Kudos
In response to PhilipDAth
khurram
Here to help
‎Sep 7 2021 11:05 AM
‎Sep 7 2021 11:05 AM

Hello,

 

Yes i did the same as you mentioned and L3 Firewall is also enabled and allow any any is set but no effect. I'll be grateful to you if you share screenshots.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.