Community Record: 81 Posts, 5 Kudos, 0 Solutions
Nov 9 2022
11:41 AM
hmm, well we have an MX in place which ultimately would be doing the NAT. So sounds like it can?
Nov 9 2022
11:30 AM
So I notice on the 225 it gives me the option for L3 routing. I've only used the 350 to do L3 before, mostly for ISP handoff/DMZ type stuff. A similar issue has arisen and I'm trying to determine if I can do the same thing on the 225. Here's my scenario: ISP gives us a /30 WAN and /29 LAN block, so on the 350 I can create two L3 interfaces, one for each subnet, then put a zero route in to point to the /30 GW. Then that VLAN I created for the /29 subnet acts as DMZ and I just put switchports that need to go to edge equipment in that VLAN and assign IPs out of that /29 block. Can I do the same on the 225?
Labels: Interfaces, Layer 3
Jun 5 2021
11:08 AM
It's an extra switch we aren't using. I just confirmed with ISP, one is a /30 and one is a /29, so not sure what I can even do now given your suggestions (which are awesome and will be used from now on)
Jun 5 2021
11:07 AM
Yeah, I understand that for load balancing the WAN connections. I also want to make the MX fully redundant
Jun 5 2021
10:27 AM
Got it, that helps, but we don't have extra switches at the moment; both ISPs are single router handoff (ATT/Spectrum). Is there a way to do this using an extra MS225?
Jun 5 2021
9:50 AM
So do I need to create a DMZ of some sort for each ISP on one of the MS switches? I'm having a hard time picturing the cabling
Jun 5 2021
9:26 AM
Never deployed in this configuration before; I've done single MX with dual WAN. Is there a specific way to set up these MX in either hot spare or true LB config? It's two MX 100 and two different ISPs
Oct 31 2019
12:09 PM
So I can ping the other side of the route (gateway) now since they put route back in, but can't ping the server I need. I'm thinking maybe an ACL on their side. Here's what it's looking like:
Tracing route to 10.209.95.84 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 50 ms * * 10.226.156.240
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * *
Oct 31 2019
11:08 AM
Yeah, that's exactly what I am thinking too. I've reached out to them and am having them make sure there is a route back for the client VPN subnet. Wasn't sure if I was missing something on our end in regards to that client VPN subnet
Oct 31 2019
10:31 AM
Have Client VPN that's using Meraki cloud for authentication and DHCP. On the MX that's doing the client VPN, there's a static route that users there on the local LAN need to use to reach another subnet for a business application that's managed by a 3rd party. That works fine. But client VPN users can access that local LAN fine, but can't access that business app subnet. Is there a trick to it?
Aug 28 2019
5:51 AM
Yeah, I confirm it as well, but the save changes button is always active and not grayed out, indicating something needs saved
Aug 27 2019
4:17 PM
So not sure what I can do here. Basically this is the setup: have an ASA at corp site, with a bunch of ASAs at other sites, and just now using MX at a few new sites. Network is like this: each site has 3 networks, one for data, voice and wireless. Data goes 10.0.site number.0, voice 172.17.site number.0, wireless is whatever. So in this example, two sites:
10.0.60.0/24
172.17.60.0/24
10.0.70.0/24
172.17.70.0/24
Both advertised in VPN, but the remote subnet of the Meraki peer have private subnets being written as summarized, so:
10.0.0.0/15
172.17.0.0/16
When I try to save the config on the MX I get this:
The changes you requested require confirmation. Please review the following list
The VLAN subnet 172.17.70.0/24 overlaps with a remote VPN subnet on the non-Meraki peer Corp00 (172.17.0.0/16). IP traffic will be routed to the smallest subnet that contains the IP address.
The subnet on the non-Meraki peer Corp (172.17.0.0/16) overlaps with a subnet on the network 60 LOC - appliance (172.17.60.0/24). IP traffic will be routed to the smallest subnet that contains the IP address.
It won't save but I can still ping across. Is there a way to do this so that the voice can talk to what it needs to?
Aug 23 2019
12:51 PM
I can see ACLs and crypto map in the ASA with a source of the ASA subnets and destination of the MX subnets with IP service set to permit.
Aug 23 2019
12:34 PM
I used the wizard for the site to site in ASDM... would it do it for me?
Aug 23 2019
12:14 PM
It looks like I can't even ping the next hop that is the MX... like 10.60.0.1
Aug 23 2019
12:01 PM
Hmm, says subnet not in table... I did see that the ASA subnets' GW is a Catalyst 4500.
Aug 23 2019
11:12 AM
Oh, so on the MX, those subnets should have static routes? Here's the routing table. Yes, the ASA is the default for its connected subnets. I could post that config if it would help
Aug 23 2019
10:58 AM
The Meraki is the DFGW for all the subnets of the Meraki side. The Meraki should make those uplink decisions, correct? I'm trying to test right from the Meraki MX, pinging a host behind the ASA
Aug 23 2019
8:25 AM
Yes, this is the doc I used. Currently there are a bunch of ASA to ASA site to sites, so there was already an object group created for the ASA subsets, but they are summarized in a /15. Like the 10.0.0.0/15 actually has 10.0.3.0/24 and 10.0.4.0/24.
Aug 23 2019
7:11 AM
Having an issue with a Meraki and an ASA site to site. When I first built the tunnel it showed up, both green on Meraki and showing MM_active in the crypto sa on the ASA. But still can't talk to devices behind the ASA. And periodically when I check ASA VPN status it shows red, but when I try to ping something behind the ASA I get 100% loss but the tunnel will then show green. Not sure if it's an issue with Meraki and using summarized subnets or something else. Anyone have experience with this?
Apr 1 2019
8:32 AM
So I need physical access? And does it have to be port 2 or can it be any?
Apr 1 2019
8:18 AM
Have several MX appliances, mix of 84s and 100s. Setting up backup internet connections on the 84 seemed straightforward, just edit WAN 2. I'm not seeing a similar option on the 100. Is there a trick to it? I don't see where I can toggle one of the interfaces for WAN. Also, is there anything special about any settings for the failover or is it just plug and play
Mar 29 2019
7:39 AM
Set up Client VPN on MX100, connects fine. Specified nameservers for the DNS servers for AD domain. Confirmed that when connected it's getting those DNS servers. However can't resolve DNS to IP. Am I missing something? I can ping the DNS servers from the MX fine.
My Top Kudoed Posts
Subject | Kudos | Views |
---|---|---|
 | 1 | 3067 |
 | 1 | 2640 |