Dec 8 2017
9:01 AM
Below are the technician's notes: In short, the MX cannot do internal 1:1 NATting. When traffic leaves the interface from the 172 network, it is sent to the 20 network in the full 172 network space IP. The WatchGuard, when traffic traverses to the other network interface, allows it to appear as if it's coming from the 20 network IP of the WatchGuard (similar to a router).
Dec 8 2017
8:46 AM
We're testing a Meraki MX84 before we purchase. 3 days were spent setting up VLANs using configuration from the old WatchGuard. Finally, we were ready for cutover and everything worked EXCEPT our internal web servers had no return path. The internal web server has 2 NICs. One goes to the Internet and has an IP address of 10.10.x.x, and the other NIC's IP address is 20.10.10.x. The 20.10.x.x is NAT'd to our internal network. This allows the web team to perform updates without going out to the Internet and then establishing a tunnel back in. The MX84 has 2 Internet gateways and 2 BOVPNs. The 5th port is connected to a core switch. We were able to verify traffic passed internally from the core switch to the MX84, then on to the internal web server. However, traffic could not return through the same route. It defaulted to the 10.10.x.x network instead of 20.10.x.x. The Meraki engineer claimed that the MX84 wasn't capable of handling the problem at this time and it's a future feature. Can anyone help?