My setup is MX400 - Gi1/1/1 External Switch Gi1/1/2 - Internet
My ISP has given me a block of IPs, say 184.108.40.206/24. We use 220.127.116.11 as our public IP, and that is what the MX IP is.
In order to get to the internet though I have to use IP 18.104.22.168 with next hop 22.214.171.124.
So on the external switch I have a VLAN 10 configured with IP address 126.96.36.199 255.255.255.0.
switchport access vlan 10
ip address 188.8.131.52
ip route 0.0.0.0 0.0.0.0 184.108.40.206
ip route 220.127.116.11 255.255.255.255.0 18.104.22.168
My question is: can I do this on just the Meraki, or do I have to have an external switch to do the routing?
Are you using the public IP block for servers behind the MX?
I use an MX84 and we have a block of public IPs, but the next hop IP is within that IP address range.
You can have your MX with 22.214.171.124 and "gateway" or next-hop 126.96.36.199. Use 1:1 NAT or 1:Many to accept 188.8.131.52/24 addresses and point them to where you want.
I am not sure if that is what you're looking for or if you are required to use 184.108.40.206 on the MX. But the above proposed solution does remove the external switch.
To simplify things for a moment: if you were to put the IP settings directly on a computer and connect it to the ISP, would you need to put the 220.127.116.11 or 18.104.22.168?
Typically the ISP will give you a /30 to use on your firewall (MX internet interface). So maybe that is the 22.214.171.124 with gateway 126.96.36.199? Then they usually bind the external IP block(s) to that IP range. So the 188.8.131.52/24 would bind to the 184.108.40.206 address above. So you could assign/NAT those addresses 1:1 directly on the MX. Example 220.127.116.11 could NAT to something on your internal LAN 192.168.1.2.
But I suppose it is possible that some ISPs do stuff differently/strangely.
I can put either 18.104.22.168 or 22.214.171.124, but as far as I know I really should keep it 126.96.36.199. I will investigate a little bit to be sure, thank you for the response.
Yes, you can put this directly on the Meraki. However, all outbound requests from the Meraki would now appear to come from 188.8.131.52, and VPNs would need to use that as well.
Your public IP block could still be used for NATing to internal hosts and servers.
Thank you Philip, I guess that is what I was looking for. I do not want to change my public IP; all web traffic should come from 184.108.40.206. If there is no way to accomplish that, then I will keep the external switch in place. Thank you everyone for the responses.