Use a range from an ISP on an MX WAN interface which isn't in the same subnet

Solved
CGRE
Here to help


We have a Meraki MX and an ASA; currently the ASA is happy with running the sets of public addressing (we can use both on the ASA) our ISP has issued.

The ISP has issued the below on a single access circuit (this is the secondary circuit; we already have a working circuit/range in WAN1 which is different). This is exactly how the ISP describes the public subnets we can use on this circuit.

WAN Pool:- 212.161.19.200/29

LAN Pool :- 217.111.163.168/29

We can use 212.161.19.200/29 fine, no issue, on WAN2. However, we have a requirement to use IPs in the 217.111 range issued on the same circuit, but we can't seem to do this on the MX. On the ASA it appears to just route to the interface and works, but I can't see a way to get this second range working on WAN2 on my MX. Is it possible?

It looks like so far as it's not part of the same subnet it won't allow routing to it.

1 Accepted Solution
PhilipDAth
Kind of a big deal

You're overthinking it.

Just NAT out of the second pool (just like you do on the ASA). It will work.


5 Replies
rhbirkelund
Kind of a big deal

What model MX is it? Models MX6n have a shared WAN2 and LAN port, so in order to use WAN2, you'll need to convert a LAN port to WAN.

I had misunderstood the question, so just disregard. 🙂

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.

Bruce
Kind of a big deal

Your carrier has the 212.161.19.200/29 subnet on the actual WAN link, but the 217.111.163.168/29 doesn’t actually exist on the link. As Philip said, you just need to create a NAT for these addresses on the MX and the carrier needs to route the 217.111.163.168/29 subnet to the IP address that is on the WAN port of the MX. The MX doesn’t do any checks around whether or not the public IP for a NAT can be reached, it just assumes it can be and just listens for the IP address.

 

If you want to use the public IP addresses on the LAN side of the MX you just create a 1:1 NAT for each of the six useable IP addresses, with the same public IP for Public IP and LAN IP. If you want to use private IPs on the LAN then just use the public IP for the Public IP, and the private IP for the LAN IP.
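
An added example, not part of the original thread and not Meraki's own code: it enumerates the six usable addresses of the routed 217.111.163.168/29 pool and builds one 1:1 NAT entry per address, either identity-mapped (public IPs on the LAN) or paired with private LAN IPs. The dictionary keys and the `internet2` uplink value are assumed to follow the Meraki Dashboard API's 1:1 NAT rule format and should be checked against the current API documentation; the private addresses are constructed.

```python
import ipaddress

# Both pools are the ones quoted in the thread.
WAN_POOL = ipaddress.ip_network("212.161.19.200/29")   # on the WAN2 link itself
LAN_POOL = ipaddress.ip_network("217.111.163.168/29")  # routed by the ISP to the MX WAN IP


def build_one_to_one_rules(routed_pool, wan_subnet, lan_ips=None, uplink="internet2"):
    """Build one 1:1 NAT rule per usable address of a routed pool.

    lan_ips=None gives the identity mapping (public IPs used on the LAN side);
    otherwise each public IP is paired, in order, with the given LAN IP.
    Key names and the uplink value are assumptions (see lead-in).
    """
    if routed_pool.overlaps(wan_subnet):
        raise ValueError(f"{routed_pool} is on-link with {wan_subnet}, not a routed pool")
    public_ips = list(routed_pool.hosts())  # six usable addresses for a /29
    if lan_ips is None:
        targets = public_ips
    else:
        targets = [ipaddress.ip_address(str(ip)) for ip in lan_ips]
        if len(targets) > len(public_ips):
            raise ValueError("more LAN hosts than usable public addresses")
        if len(set(targets)) != len(targets):
            raise ValueError("duplicate LAN IP in mapping")
        if any(ip in wan_subnet for ip in targets):
            raise ValueError("LAN IP falls inside the WAN subnet")
    return [
        {
            "name": f"routed-pool-{pub}",
            "publicIp": str(pub),
            "lanIp": str(lan),
            "uplink": uplink,
            # Start with no inbound allowances; open ports per host deliberately.
            "allowedInbound": [],
        }
        for pub, lan in zip(public_ips, targets)
    ]


if __name__ == "__main__":
    # Constructed private addresses for the "private IPs on the LAN" variant.
    sample_lan = ["192.168.10.11", "192.168.10.12"]
    for rule in build_one_to_one_rules(LAN_POOL, WAN_POOL, sample_lan):
        print(rule["publicIp"], "->", rule["lanIp"], "via", rule["uplink"])
```

Keeping `allowedInbound` empty until a specific service is needed avoids exposing every host behind the routed pool by default.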

CGRE
Here to help

Thanks both, will try this and see if it works. Didn't realise the MX would just cope with it and allow a NAT for subnets it doesn't have on an interface.

CyberDingo
Getting noticed

Sorry for the old post, but I am having the same issue, and I am not really understanding. Would this be the configuration to this problem mentioned in this post?

CyberDingo_0-1719260341035.png

 
