Routing 2 networks in MX68

petermlamont
Comes here often

Routing 2 networks in MX68

I'm just starting out with a Meraki MX68 and need to route SIP lines from our VoIP provider and data traffic from our internet provider to our internal LAN. Additionally, we have remote users who point their VoIP handsets to our public IP which is port-forwarded to our internal PBX. I see many options on the MX but not sure where to start. Can someone point me in the right direction please?WAN Diagram Template.vpd.png

 

7 REPLIES 7
AjitKumar
Head in the Cloud

Hi @petermlamont 

 

  • Lets terminate internet link

[I believe you are already done with the below configuration however just in case you need any additional information]

To terminate the internet link on the Internet 1 port of Meraki MX68

 

You may read the following Url

https://documentation.meraki.com/MX/Installation_Guides/MX67%2F%2FMX68_Installation_Guide#Configurin...

 

This shall bring the device live (connected to Meraki Cloud). Here after we need to do all the configuration via the web portal (dashboard,meraki.com).

 

  • Route SIP Lines [I may not be correct here. @PhilipDAth advice solicited]

Create  VLANs for SIP MPLS and Internal LAN 

Security & SDWAN > Addressing & VLANs > Routing

 

  • Port forwarding to Internal PBX

Security & SDWAN > Firewall > Forwarding rules

 

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

Thank you Ajit.

 

The MX is connected to the Meraki dashboard.

 

The SIP line into our building is separate to the internet connection (2 different ports on the NTU), therefore would need to connect to a second MX port. Perhaps my first question should have been "Can the MX68 take two external WANs simultaneously?" I see there are 2 WAN ports, but is this simply for redundancy?

Hi @petermlamont 

Certainly MX68 can accommodate 2 external WAN links simultaneously.

Yep, The links can work as fail over / load balancing. Also we can define rules to send traffic of specific source (IP Address) to exit via a select Link (WAN1 / WAN2).

 

Is this the answer to your question? I am not sure.

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

Hi @AjitKumar 

 

yes that is part of the answer. Do I need to set up two routers, or can I do this with the one MX and use both WAN ports (one for Internet, the other for SIP)? Would I need to set up a static route between and then port forward?

 

Cheers

Hi @petermlamont 

My understanding is Internet will terminate on WAN1 and SIP MPLS will terminate on LAN Port (You will create a VLAN on MX).

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

As Ajit indicated, I think you will need to connect the MPLS link, over which the SIP gateway is connected, into a LAN port on the MX - and setup a VLAN on that port, over which the MX can route.   One of the two 10.x.x.x /30 addresses will have been allocated for you to use (the other will be on the MPLS router).

You'll want a static route on the MX, pointing the address(es) for the SIP service at the 10.x.x.x/30 of the MPLS router on your VLAN.

You will probably want to add firewall rules to the MX, to control what resources at the site the MPLS link can access  (probably just the IP PBX..?)  By default the MX allows all inter-VLAN traffic...

Thank you very much @GreenMan & @AjitKumar . I will give it a go and revert. Cheers

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels