Why is that I can not get to the uplink device

SOLVED
John-Yberllan
Here to help

Why is that I can not get to the uplink device

Hi

 

I have two up links connected to by MX. Load balancing working. Can some explain why sometimes I am unable to get to the up link device which is not my primary WAN. The device on WAN2 has an IP address which is a different range of IP addressing than I am using around the normal network. 

 

Sometimes I get to is, web service type portal, sometimes I do not get to it. 

 

Kind regards

 

John

 

1 ACCEPTED SOLUTION

Yes your situation is exactly what I meant.

No worries.

 

So the problem right now is that you are load-balancing.  So if you're lucky your packet is NAT'ed towards the IP of WAN2 and sent outbound that way.  So for as long that flow exists the page will be reachable.

 

However another time it's possible you get routed out the WAN1 port.

The MX will not take into account the IP subnet located at WAN ports when NAT'ing your packet.  So normal routing will not work.  Yeah I know, weird right.

 

So you have to actually configure the MX for IP traffic going to the 192.168.1.0/24 subnet use WAN 2 uplink.

So in Dashboard go to Security & SD WAN -> SD-WAN & Traffic shaping -> Uplink selection and add an internet flow preference.  It should be obvious from there on.

View solution in original post

4 REPLIES 4
GIdenJoe
Kind of a big deal
Kind of a big deal

You should use uplink preferences for this.

 

However you can only match using L3 and L4 information.  Not the richer set the SD-WAN functionality has.

So to reach a certain subnet that is at a WAN interface of your MX you need to specify the uplink preference in the traffic-shaping configuration.

 

Beware: pingtests will not verify your configuration because for some reason icmp doesn't ever want to follow your preferences although you can actually set icmp as matching parameter...

Hi

 

not sure i am with you on the reply. Sorry. 

 

My normal Lan is 10,0,100,0  the uplink device for WAN 2 has an ip of 192.168.1.1,  in the browser if I type 192.168.1.1 at times I get the home page of the router device, sometimes i get site not reached. 

 

Kind regards

 

John

 

Yes your situation is exactly what I meant.

No worries.

 

So the problem right now is that you are load-balancing.  So if you're lucky your packet is NAT'ed towards the IP of WAN2 and sent outbound that way.  So for as long that flow exists the page will be reachable.

 

However another time it's possible you get routed out the WAN1 port.

The MX will not take into account the IP subnet located at WAN ports when NAT'ing your packet.  So normal routing will not work.  Yeah I know, weird right.

 

So you have to actually configure the MX for IP traffic going to the 192.168.1.0/24 subnet use WAN 2 uplink.

So in Dashboard go to Security & SD WAN -> SD-WAN & Traffic shaping -> Uplink selection and add an internet flow preference.  It should be obvious from there on.

Got it now. Many thanks 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels