@jdsilva  That's one thing we don't have to worry about as we run fixed IP for everything. (something else we inherited!) I disabled DHCP on both interfaces on both MXs before we tried going live.   @T-800 I'll take a look at those articles thanks.   EDIT Following a call with Meraki Technical sales this morning it is clear we have a non standard/recommend network setup, Meraki do not support two live active MXs on the same network! We will have to make changes to our network setup to get them to work properly and hopefully improve the network in general. In light of this @T-800 I've marked your reply as the solution.   Many thanks to all that have contributed to this thread it has been very enlightening and now looks like I have quite a bit of learning and work to do.   Ian       ... View more

Hi T-800, Your first sentence is spot on that is exactly what we have! (well what we inherited from previous employees no longer here anyway)   Would i be correct in saying that the ASA5510's were not acting as L3 gateways ? Hence us not having any problems with them in our setup?   Also Can i just add that we are using public IPs from BOTH ISPs for web and ftp services at the same time. So we have some servers pointing at ISP link1 and some pointing at ISP link2 Could that be achieved with your suggested setup?   Many Thanks for your help and advice.   Ian       ... View more

Hi Adam,   We don't have two networks there is only one LAN 192.168.100.0/22   We don't have site to site VPNs   ALL PCs and Servers sit on the same LAN   Thanks Ian   ... View more

What do you mean by redundant link?   I've never really got my head around spanning tree! I always assumed it was to do with accidentally creating loops on the network. Some of our switches have trunked fibre ports to give larger bandwidth between buildings and i know from painful experience if the trunk gets broken so the two fibre are no longer linked and they essentially create a loop on then all hell breaks loose on the network! ... View more

I've just double checked and the MX1 and MX2 LAN and DMZ ports all have the correct IP's no duplicates.   I guess well have to look at a packet capture with both MXs up and running.   Thanks Ian   ... View more

We have to select the network drop down box to select either MX   ... View more

Hi jdsliva, Sorry no the MXs interfaces have unique IPs   MX 1 Internet port = 80.194... LAN port = 192.168.100.2 DMZ port = 172.16.30.1   MX 2 Internet port = 62.255... LAN port = 192.168.100.10 DMZ port = 172.16.30.113   But as you can see both the LAN and DMZ IPs are within the same network range because we have just one subnet for LAN and one for DMZ. The LAN and DMZ are physically separated networks different switches and cables. We have no VLANs at all.   Thanks for your help.   Ian         ... View more

Hi Adam,  No problem.   1. We have two independent internet links total (2) One link connects to ASA 1 and the other link connects to ASA 2 and thats how we cabled the MXs on 1 link 1 MX (It has to be this way as the internet links are in different buildings)   2. We can see both MXs in the Meraki Dashboard but I think they are different networks as we have to select an MX to configure or look at statistics of each one. here is a screen shot.     EDIT But both MXs have this same network config see screen shot.   Many Thanks for your continued help.   Ian ... View more

Hi Everyone and many thanks for the replies. I'm not sure i explained our situation very well, also i'm no network engineer!   Original config: One LAN network (192.168.100.0/22) One DMZ Network (172.16.30.0/24) We have two active internet links both being used at the same time We host a web server and ftp server on each link We have an ASA 5510 on each link and the ASAs operate independently BUT both have interfaces IPs on the LAN and DMZ.   A PC or server on our LAN could use either internet link by changing the gateway 192.168.100.2 (ASA 1) or we could use the other 192.168.100.10 (ASA 2) This has work fine for years   The Plan was simply to replace the ASAs with MX84s I'm using the same interface IPs from the ASAs on the MXs  ASA 1 Outside interface IP, LAN Interface and DMZ interface IPs have been set on MX 1 ASA 2 Interface IPs have been set on MX 2   But when we power off the ASAs and power on the MXs (We do power cycle the ISP routers to clear the ARP cache) we start getting major network issues, internal systems that should not be going through the firewalls opening files from file servers, internal voice calls (voip) breaking up, internal management systems crashing after loosing connection to the SQL server!?   @ww I hope that explains what the 2nd MX should be doing.   @jdsilva No I understand the idea of a warm spare but that is not what we are trying to do we need both to be active and in use at the same time.   @Adam Your reply is worrying as it suggests that we can not replicate the original setup with MXs in place of the ASAs do you still think this is the case with the explanation above?  Also each ASA had just 3 interfaces and so do the MXs as listed above.   @PhilipDAth Yes spot on the two ASAs are completely independent of each other they just sit on the same LAN and DMZ network and that is what we are trying to replicate with the MXs   Many Thanks Ian     ... View more

I had checked firewalls but missed the default gateway! We have two internet links and the PCs with the MX as their DG were the only ones i could ping. Everything else is still on our primary link on an old ASA 5510.   Thanks Ian   ... View more