Pepwave Max Bri and Meraki MX IP Passthrough

andylowe04 · January 23, 2017, 3:08am

Hi,

I have a Pepwave Max BRI connected to a Meraki MX security appliance. Internet connection is via cellular 4G connection.

I have LAN port 1 on the Pepwave connected to WAN port of Meraki. The Meraki appears happy. Can connect to the internet etc but serveral services are not working.

I have been unable to utilise Meraki VPN or port forwarding. I have IP passthrough enabled which gives the Meraki the same WAN IP as the cellular connection however no traffic/services seem to be reaching the Meraki.

Any suggestions on what could be the problem?

Thanks,

Andy

andylowe04 · January 23, 2017, 7:47am

So I have just spent the last two hours of my life on the phone to Meraki support and it seems no matter how I configure the Pepwave, it is still blocking traffic.

I have enabled IP Passthrough and tested, IP forwarding and tested, Passthrough & forwarding and still no joy.

Even tried to NAT port range 1-65535 yet still no traffic arrived at the Meraki MX. Very strange and frustrating.

Seriously, any help would be greatly appreciated!!!

Tim_S · January 23, 2017, 10:57am

Can you confirm you are subscribed to a static IP from the cellular carrier?

Thanks.

andylowe04 · January 24, 2017, 12:52am

Hi Tim,

I am not subscribed to a static IP currently. Should this matter provided I know what the dynamic IP is?

Regards,

Andy

kevin · January 24, 2017, 7:09am

Andy,

Cellular providers in the US provide you with a private dynamic IP address. There is no inbound access over this type of connection. Even if you try to use dynamic hosting, lookup the IP, etc, you can’t remote in. You’ll need to ask your carrier for a static IP address. This gives you a routable connection and you can come in over it just like a land line connection. You can then port forward, establish your VPN, and more, as your connection will be unrestricted.

Keep in mind, carriers do charge a fee for this. Verizon charges a 1 time $500 fee for the account. The good news is you can apply a static address to additional lines on the account without paying again. Other carriers may require a monthly fee, some form of business account, or a minimum number of lines.

andylowe04 · January 24, 2017, 7:46am

Thanks Kevin,

Guess I’d better order a static IP SIM ordered then

In the UK I can now pick them up for about the same price as a dynamic service without any hefty in-statement fees.

I’ll get one ordered and reply once it is installed.

Thanks,

kgarvey · February 25, 2017, 12:39pm

Question: aside from not having a public, routable IP, are there any downsides to utilizing IP passthrough on a BR1 with Verizon?

Tim_S · February 25, 2017, 3:46pm

You essentially lose all routing functionality; no DHCP server, no firewall, no QoS, etc. It turns it into a bridge.

Jer622 · August 1, 2018, 10:51am

Andylowe, were you able to get this to work? I’m in the same situation, except that I had a public static IP from day 1. I see that the Z1 (Meraki) is getting the IP address on the WAN, but browsing the IP fails. I did the same thing with a CradlePoint AER1600 and it worked like a charm. So, I know that it is NOT likely on the Meraki side. It looks like there is something else that needs to be configured on the Pepwave MAX BR1.

Any assistance would be greatly appreciated.

Thanks,

Jeremy

Jer622 · August 1, 2018, 11:21am

Actually, I stand corrected. I forgot that in other testing, I had denied web access on the Z1 firewall. All is working as expected now.

Jeremy