The Meraki Community
Register or Sign in
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • About leadtheway
leadtheway

leadtheway

Building a reputation

Member since Jan 31, 2019

‎12-09-2022
Kudos from
User Count
CarolineS
Community Manager CarolineS
1
PhilipDAth
Kind of a big deal PhilipDAth
1
BrechtSchamp
BrechtSchamp
3
View All
Kudos given to
User Count
KarstenI
Kind of a big deal KarstenI
1
Inderdeep
Kind of a big deal Inderdeep
1
PhilipDAth
Kind of a big deal PhilipDAth
4
GaryShainberg
GaryShainberg
1
Nash
Nash
2
View All

Community Record

81
Posts
5
Kudos
0
Solutions

Badges

5th Birthday
50 Posts
First 5 Posts
Lift-Off View All
Latest Contributions by leadtheway
  • Topics leadtheway has Participated In
  • Latest Contributions by leadtheway
  • « Previous
    • 1
    • 2
    • 3
  • Next »

Re: L3 on MS225

by leadtheway in Switching
‎11-09-2022 11:41 AM
‎11-09-2022 11:41 AM
hmm, well we have an MX in place which ultimately would be doing the NAT.  So sounds like it can? ... View more

Re: L3 on MS225

by leadtheway in Switching
‎11-09-2022 11:38 AM
‎11-09-2022 11:38 AM
dang, i knew there was something. Thanks for the quick response ... View more

L3 on MS225

by leadtheway in Switching
‎11-09-2022 11:30 AM
‎11-09-2022 11:30 AM
So I notice on the 225 it gives me option for L3 routing. I've only used the 350 to do L3 before, mostly for ISP handoff/dmz type stuff.  A similar issue has arose and I'm trying to determine if i can do the same thing on the 225.  Here's my scenario   ISP give us a /30 WAN and /29 LAN block, so on the 350 I can create two L3 interfaces, one for each subnet, then put a zero route in to point to the /30 GW. Then that Vlan I created for the /29 subnet acts as DMZ and I just put switchports that need to go to edge equipment in that vlan and assign IPs out of that /29 block.. Can i do the same on the 225? ... View more
Labels:
  • Labels:
  • Interfaces
  • Layer 3

Re: configure /30 and /29 from ISP

by leadtheway in Security / SD-WAN
‎08-15-2022 01:09 PM
‎08-15-2022 01:09 PM
Ok, I should probably clarify, this is already in place (the connection) the current firewall is a watchguard, but they are using the /30 address.  We will be putting in the MX. Was trying to see how to configure it ... View more

configure /30 and /29 from ISP

by leadtheway in Security / SD-WAN
‎08-15-2022 11:31 AM
‎08-15-2022 11:31 AM
so Have a question on if I can do this and how, Have an ISP that has 2 blocks, their WAN block for their equipment is a /30, but they give us a /29 for our block of IPs.  We have an MX 100 we will be putting in.  In the past I've done this with a MS 350 switch where i created two different vlans, one for each block and then put in a zero route to point to the /30 gateway.  Then just drop whatever switchports into the /29 vlan and assigned the IPs to the equipment as needed. We don't have any MS switches here so I'm wondering can i do the same thing on the MX and be able to basically plug it in to itself that way?  Or is there an easier way?   Thanks in advanced. ... View more
Labels:
  • Labels:
  • Other

Non meraki Peer site to site with Azure VMX

by leadtheway in Security / SD-WAN
‎06-28-2022 12:24 PM
‎06-28-2022 12:24 PM
Have a Azure vmx-m deployed with autovpn to a couple sites in same org without issue. We are wanting to create a site to site with a non meraki appliance.  On the VMX side I should be using whats showing for the public IP as the endpoint correct? Right now the wan shows the virtual network created in azure for it. I can't ping that address from anything. I believe all the transform sets match for IKEv1, only thing i see different is on the non meraki authentication they show Sha2-256, on meraki side, only SHA256. Not sure if that makes a difference.  ... View more
Labels:
  • Labels:
  • 3rd Party VPN
  • Azure

Re: Dual MX and Dual ISP

by leadtheway in Security / SD-WAN
‎06-05-2021 11:08 AM
‎06-05-2021 11:08 AM
its an extra switch we aren't using. I just confirmed with ISP, one is a /30 and one is a /29 so not sure what I can even do now given your suggestions (which are awesome and will be used from now on) ... View more

Re: Dual MX and Dual ISP

by leadtheway in Security / SD-WAN
‎06-05-2021 11:07 AM
‎06-05-2021 11:07 AM
yeah I understand that for load balancing the Wan connections, I also want to make the MX fully redunant ... View more

Re: Dual MX and Dual ISP

by leadtheway in Security / SD-WAN
‎06-05-2021 10:27 AM
‎06-05-2021 10:27 AM
got it, that helps, but we don't have extra switches at the moment, both ISP are single router handoff (ATT/Spectrum). Is there a way to do this using an extra MS225? ... View more

Re: Dual MX and Dual ISP

by leadtheway in Security / SD-WAN
‎06-05-2021 09:50 AM
‎06-05-2021 09:50 AM
so do i need to create a DMZ of some sort for each ISP on one of the MS switches? Im having a hard time picturing the cabling ... View more

Dual MX and Dual ISP

by leadtheway in Security / SD-WAN
‎06-05-2021 09:26 AM
‎06-05-2021 09:26 AM
Never deployed in this configuration before, I've done single MX with dual wan, Is there a specific way to setup these MX in either hot spare or true LB config?   Its two MX 100 and two different ISP  ... View more

Re: Meraki with Sonic wall design help

by leadtheway in Security / SD-WAN
‎04-03-2020 11:32 AM
2 Kudos
‎04-03-2020 11:32 AM
2 Kudos
Lol , sorry for making you guys read that..I got it worked out.. I had planned on posting a diagram later after i posted but I was in the weeds. Thanks anyways! ... View more

Meraki with Sonic wall design help

by leadtheway in Security / SD-WAN
‎04-02-2020 02:29 PM
‎04-02-2020 02:29 PM
So we have an existing sonicwall stack that is going to be phased out, but because of the way its setup now(the network) we need to keep it as well as the existing dell switch stack.  We have the following equipment   2x Sonicwall in HA currently both plugged into breakout 4 dell PC switches in stack 1x MX84 2x MS120   at remote side there is a dumb netgear switch with fiber running to an old building being phased out that runs to this main building.. That fiber is going away.. Enter 1MX64 and MS120   So heres my dilemma.  2 subnets one each side, both gateways are the sonicwall interfaces.  10.20.156.x/10.20.160.x     Right now MX84 wan is plugged into dell switch with the fiber for 160 subnet, so its getting a dhcp address.  The other subnet is 100% static.  What I want to be able to do is   Plug MX Wan port into breakout switch, plug MS switches into mx(as they are), remove the uplink from mx to the dell switch.  Have native vlan 1 be the 10.20.156.x and a voice vlan of 10.20.20.x. Currently vlan1 on meraki is the default 192.168.168.x that comes with it. and at the remote side, have a auto-vpn to the mx and still access data on the 10.20.156.x subnet(domain services) as I said the gateway for the sonicwall.  If I create the 160 subnet on the remote Mx64 where do i need a route across the vpn?  Do i need that 160 on an interface on the mx84 as well? Since the sonicwall is already doing DHCP for that subnet, could it still do it across vpn? Trying to wade through the best way to do this. Any clarity would be much appreciated     ... View more

Re: multiple stacks same network issue

by leadtheway in Switching
‎02-04-2020 05:29 AM
‎02-04-2020 05:29 AM
https://meraki.cisco.com/blog/2016/05/visio-stencils-now-available/ ... View more

Re: Client VPN using static route

by leadtheway in Security / SD-WAN
‎10-31-2019 12:20 PM
‎10-31-2019 12:20 PM
yeah I can reach from the LAN subnet fine ... View more

Re: Client VPN using static route

by leadtheway in Security / SD-WAN
‎10-31-2019 12:09 PM
‎10-31-2019 12:09 PM
so I can ping the other side of the route (gateway ) now since they put route back in, but can't ping the server i need..I'm thinking maybe an ACL on their side..heres what its looking like   Tracing route to 10.209.95.84 over a maximum of 30 hops 1 * * * Request timed out. 2 * * * Request timed out. 3 50 ms * * 10.226.156.240 4 * * * Request timed out. 5 * * * Request timed out. 6 * * * Request timed out. 7 * * * Request timed out. 8 * * * Request timed out. 9 * * * Request timed out. 10 * * ... View more

Re: Client VPN using static route

by leadtheway in Security / SD-WAN
‎10-31-2019 11:08 AM
‎10-31-2019 11:08 AM
yeah thats exactly what I am thinking too..I've reached out to them and am having them make sure there is a route back for the client vpn subnet.   Wasn't sure if i was missing something on our end in regards to that client vpn subnet ... View more

Client VPN using static route

by leadtheway in Security / SD-WAN
‎10-31-2019 10:31 AM
‎10-31-2019 10:31 AM
Have Client VPN  thats using meraki cloud for authentication and DHCP.  On the MX thats doing the client VPN, theres a static route that users there on the local LAN need to use to reach another subnet for business application thats managed by 3rd party.. that works fine. But client vpn user can access that local LAN fine, but can't access that business app subnet.  Is there a trick to it? ... View more

Re: MX VPN with non meraki peer overlapping subnets

by leadtheway in Security / SD-WAN
‎08-28-2019 05:51 AM
‎08-28-2019 05:51 AM
yeah I confirm it as well, but the save changes button is always active and not grayed out indicating something needs saved ... View more

MX VPN with non meraki peer overlapping subnets

by leadtheway in Security / SD-WAN
‎08-27-2019 04:17 PM
‎08-27-2019 04:17 PM
so not sure what I can do here.  Basically this is the setup.  Have an asa at corp site, with a bunch of asa's at other sites and just now using MX at a few new sites.  Network is like this each site has 3 networks, one for data, voice and wireless...data goes 10.0.site number.0   voice  172.17.site number.0  wireless is whatever.  so in this example two sites   10.0.60.0/24 172.17.60.0/24   10.0.70.0/24 172.17.70.0/24   both advertised in vpn, but the remote subnet of the meraki peer have private subnets being written as summarized.  so    10.0.0.0/15 172.17.0.0/16   when i try to save the config on the MX i get this:   The changes you requested require confirmation. Please review the following list The VLAN subnet 172.17.70.0/24 overlaps with a remote VPN subnet on the non-Meraki peer Corp00 (172.17.0.0/16). IP traffic will be routed to the smallest subnet that contains the IP address. The subnet on the non-Meraki peer Corp (172.17.0.0/16) overlaps with a subnet on the network 60 LOC - appliance (172.17.60.0/24). IP traffic will be routed to the smallest subnet that contains the IP address.   it won't save but  I can still ping across.  Is there a way to do this so that the voice can talk to what it needs to? ... View more

Re: MX to ASA site to site

by leadtheway in Security / SD-WAN
‎08-23-2019 12:51 PM
‎08-23-2019 12:51 PM
i can see ACls and crypto map in the asa with a source of the asa subnets and destination of the MX subnets with ip service set to permit. ... View more

Re: MX to ASA site to site

by leadtheway in Security / SD-WAN
‎08-23-2019 12:34 PM
‎08-23-2019 12:34 PM
I used the wizard for the site to site in adsm...would it do it for me? ... View more

Re: MX to ASA site to site

by leadtheway in Security / SD-WAN
‎08-23-2019 12:14 PM
‎08-23-2019 12:14 PM
It looks like i can't even ping the next hop that is the mx...like 10.60.0.1     ... View more

Re: MX to ASA site to site

by leadtheway in Security / SD-WAN
‎08-23-2019 12:01 PM
‎08-23-2019 12:01 PM
hmm says subnet not in table.,..i did see that the ASA subnets GW is a catalyst 4500.  ... View more

Re: MX to ASA site to site

by leadtheway in Security / SD-WAN
‎08-23-2019 11:12 AM
‎08-23-2019 11:12 AM
Oh, so on the mx, those subnets should have static routes?  heres the routing table Yes the ASA is the default for its connected subnets. I could post that config if it would help ... View more
  • « Previous
    • 1
    • 2
    • 3
  • Next »
Kudos from
User Count
CarolineS
Community Manager CarolineS
1
PhilipDAth
Kind of a big deal PhilipDAth
1
BrechtSchamp
BrechtSchamp
3
View All
Kudos given to
User Count
KarstenI
Kind of a big deal KarstenI
1
Inderdeep
Kind of a big deal Inderdeep
1
PhilipDAth
Kind of a big deal PhilipDAth
4
GaryShainberg
GaryShainberg
1
Nash
Nash
2
View All
My Top Kudoed Posts
Subject Kudos Views

Re: Meraki with Sonic wall design help

Security / SD-WAN
2 1586

Re: Issue with show details

Security / SD-WAN
1 1418

Re: /30 and /29 comcast edi issue

Switching
1 1203

Re: Content Filtering/whitelisting

Wireless LAN
1 1567
View All
Powered by Khoros
custom.footer.
  • Community Guidelines
  • Cisco Privacy
  • Khoros Privacy
  • Privacy Settings
  • Terms of Use
© 2023 Meraki