My setup is MX400 - Gi1/1/1 External Switch Gi1/1/2 - Internet
My ISP has given me a block of IPs, say 220.127.116.11/24. we use 18.104.22.168 as our public IP, and that is what the MX IP is.
In order to get to the internet though I have to use IP 22.214.171.124 with next hop 126.96.36.199.
So on the external switch i have a vlan 10 configured with ip address 188.8.131.52 255.255.255.0.
switchport access vlan 10
ip address 184.108.40.206
ip route 0.0.0.0 0.0.0.0 220.127.116.11
ip route 18.104.22.168 255.255.255.255.0 22.214.171.124
My question is, can I do this on just the Meraki or do I have to have an external switch to do the routing.
Are you using the public IP block for servers behind the MX?
I use MX84 and we have a block of public IP but the next hop IP is within that IP address range.
You can have your MX with 126.96.36.199 and "gateway" or next-hop 188.8.131.52. Use 1:1 NAT or 1:Many to accept 184.108.40.206/24 address and point them to where you want.
I am not sure if that is what you're looking for or if you are required to use 220.127.116.11 on the MX. But the above proposed solution does remove the external switch.
To simplify things for a moment, if you were to put the IP settings directly on a computer and connect it to the ISP. Would you need to put the 18.104.22.168 or 22.214.171.124?
Typically the ISP will give you a /30 to use on your firewall (MX internet interface). So maybe that is the 126.96.36.199 with gateway 188.8.131.52? Then they usually bind the external IP block(s) to that IP range. So the 184.108.40.206/24 would bind to the 220.127.116.11 address above. So you could assign/NAT those addresses 1:1 directly on the MX. Example 18.104.22.168 could NAT to something on your internal LAN 192.168.1.2.
But I suppose it is possible that some ISPs do stuff differently/strangely.
Yes you can put this directly on the Meraki - however - all outbound requests from the Meraki would now appear to come from 22.214.171.124, and VPNs would need to use that as well.
Your public IP block could still be used for NATing to internal hosts and servers.
Thank you Philip, I guess that it what I was looking for. I do not want to change my public IP, all web traffic should come from 126.96.36.199, if there is no way to accomplish that then I will keep the external switch in place. Thank you everyone for the responses.
I can put either 188.8.131.52 or 184.108.40.206, but as far as I know I really should keep it 220.127.116.11. I will investigate a little bit to be sure, thank you for the response.