Single WAN , 2 MX's ?!

Solved
ahmadtat
Getting noticed

Single WAN , 2 MX's ?!

Hi,

 

We have a client who has a single internet connection (single UTP cable) with a single Public IP address that he's using to access some servers and services from outside (using port forwarding).

Any suggestions on how to setup 2 MX's in HA mode (hot stand-by) ? to accomplish Hardware failure availability ..

 

I know we can not use the same public IP address on both MX's at  the same time,, and using a device to terminate the ISP link first then NAT the traffic through it will cause a lot of problems for port forwarding requirements. (not to mention Auto-VPN).

 

Any recommendations?

 

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

The easiest way is to get a cheap backup connection (or a 4G hot spot with Ethernet ports) and plug WAN2 of each MX into this backup circuit.  This keeps both units online and their configs and firmware up to date.

 

Then on primary circuit failure you move the cable from WAN1 on the first MX to the second MX.

View solution in original post

5 Replies 5
Chris_M
Getting noticed

You can use a small switch in between the provider's equipment and your 2 MX. Assuming you get a /29 or higher block of public IP address, you can then set each MX on its own ip addressing and connect to the ISP that has only one link.

 

No need for port forwarding or other setup since the switch is unmanaged.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator

@Chris_M

Unfortunately, the ISP provided only a single IP address (not two) , hence this way will not work.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

The easiest way is to get a cheap backup connection (or a 4G hot spot with Ethernet ports) and plug WAN2 of each MX into this backup circuit.  This keeps both units online and their configs and firmware up to date.

 

Then on primary circuit failure you move the cable from WAN1 on the first MX to the second MX.

@PhilipDAth

so the physical failover will be the way to go?

No auto failover workaround in such scenarios?

PhilipDAth
Kind of a big deal
Kind of a big deal

Correct.

Get notified when there are additional replies to this discussion.