Moving a device from one site to another while keeping same IP

jkay18041
Level 3

Hello, this might not be possible but wanted to ask. We have a bunch of hotels that all have an "interface server" that resides on the same subnet as the computers for the back office. We are wanting to move this interface server to a data center instead of housing it in the hotels.

My question is can we do this without changing the local IP address? Changing it's not really possible without breaking a lot of stuff.

At the hotel we have a Meraki MX64 router and then in the data center we have a Cisco ASA. Would there be a way to make a site-to-site VPN connection between the two and somehow get this to work? I know we could subnet the /24 but I'd rather not do that if possible.

Thanks

1 Accepted Solution


Thanks for the clarification. So at the data center an ASA connects the WAN and the LAN and there is not any router in the data center network. I do not think that my suggestion will work in that environment. Since there are 21 hotels my suggestion of creating a small subnet for each interface server would create 21 small subnets that need to be created and need to route to the data center LAN (and to the Internet). I do not believe that the ASA would support that many subnet connections.

HTH

Rick

16 Replies

This is interesting, I've never seen or heard of this before. I'm betting it won't work with the Meraki MX series though. I'll have to check with them on that.

Richard Burts
Hall of Fame

I do not fully understand the question. It begins by describing a bunch of hotels and I believe that it says that each hotel has an interface server. Is that correct? So there are currently a bunch of individual interface servers. Is that correct? If you want to move interface servers to a data center will there be a single consolidated interface server or will there be a bunch of individual interface servers all at the data center? Can you provide clarification?

HTH

Rick

Rich,

So each hotel has its own interface server. When we move the interface servers to the data center each hotel will retain its own.

Each hotel has its own unique subnet so overlapping IPs won't be an issue.

Basically if the interface server's IP is 10.10.1.5 /24 when it moves to the data center its IP will remain the same. I'm hoping to be able to do this without splitting subnets up. I am probably somewhat limited due to using the Meraki MX firewall in each hotel. The data center side is an ASA 5515.

Thanks for the help

Thanks for the information. I have a suggestion that might work for you. As you prepare to move an interface server from a hotel to the data center, create a /30 subnet at the data center. That will give you 2 usable addresses and you have one for the interface server and one for the router at the data center. If your interface server is 10.10.1.5 then create subnet 10.10.1.4/30. Assign 10.10.1.6 255.255.255.252 to the router and use 10.10.1.5 for the interface server.

In IP routing the more specific prefix is always preferred. So any traffic for the server will be forwarded to the data center and traffic for anything else in the subnet will be forwarded to the hotel. This certainly would work for any traffic originating outside the hotel. For traffic originating inside the hotel they would consider 10.10.1.5 to be local and would ARP for it. You will need to test and make sure that the Meraki would respond to that request and would forward the traffic to the data center. (Hopefully adding a static route for the /30 would be sufficient to accomplish that.)

HTH

Rick

So basically if I understand correctly:

Create a /30 in the data center with the interface computer keeping its IP in the /30.

At the hotel leave the /24 as is.

Create a VPN tunnel to the data center. Is that going to work if both sides have the same IP scheme but different subnet mask?

Create a static route 10.10.1.5 255.255.255.252 10.10.1.6 (IP of the ASA in data center)

Thank you for your help!

Mostly I think you are on the right track. From my perspective the VPN is optional, but I can see where it might be desirable. I do not see any reason why a site-to-site VPN would not work. Is there other traffic from the hotel that might use the VPN? Or is it just traffic from hotel to interface server?

The main issue I see in what you suggest is the next hop in your static route. How would the hotel router know how to reach 10.10.1.6? If you are going to set up the VPN then I might suggest that you use the remote peer address as the next hop in the static route.

HTH

Rick

What would be the alternative to the VPN?

So basically put the default route as 10.10.1.5 255.255.255.252 4.5.6.7 (public IP of the data center router)

I do not know enough about your environment to be able to say what are the alternatives. How do the hotels communicate with the data center? Would that same way of communication work for the interface server traffic?

A couple of picky points about your static route:

- it is a static route not a default route

- if you specify the address as 10.10.1.5 then the mask should be 255.255.255.255.

- if you want to use the mask of 255.255.255.252 then the address should be 10.10.1.4

HTH

Rick

I've opened up a ticket with Meraki as the MX won't allow static routes that it doesn't have a subnet configured for. I've told them your suggestions so I'll see what they say.

Thank you for all the help.

Rich,

Right now the hotels communicate to the data center with a site-to-site VPN tunnel.

When I tried to add a static route in the Meraki it wouldn't allow it, saying that it was an unconfigured subnet. I've opened a ticket with Meraki to see if they can manually do it. However the response I got was this.

Greetings,
Thank you for contacting Cisco Meraki Technical Support.
To retain the ip of a device,
1. Configure the device ip as static.
2. Kindly configure the dhcp server to serve Fixed ip assignments. If you are using MX as DHCP server, kindly configure the sticky ip for the device, so that the same ip is served when the device joins the network and queries the dhcp server for an ip.

I sent them this forum post in hopes of them understanding what I'm wanting to do better.

Thanks for the help

Thanks for the information. If there is an existing site-to-site VPN then I would hope it would not be difficult to add this traffic to that VPN. But from my perspective (looking at the typical Cisco way of doing things) part of adding this traffic to the VPN would be to configure a static route for Meraki indicating that this new /30 is reachable at the data center (next hop for the new static would be same as the next hop for other VPN traffic - assuming that Meraki has a static route for directing traffic over the VPN).

Very strange response from Meraki. It strongly suggests to me that they did not correctly understand your original question.

HTH

Rick

Yes, currently there is a site-to-site setup. The ASA side is 10.16.1.0/24 with the ASA IP of 10.16.1.251 and standby of .252. The Meraki side is 10.211.41.0/24 with the Meraki at the IP of .254 and the interface server has the IP of 10.211.41.7.

If I want to use that VPN tunnel and not create a new one could I just do this?

On Meraki add static route 10.211.41.7 255.255.255.255 10.16.1.251

Then on the interface server give it an IP on the 10.16.1.0/24 network and a secondary IP of 10.211.41.7? The 10.16.1.0 IP would be so it could reach the internet as it will need to go out to the internet as well as the VPN.

Thanks again for all the help

I certainly suggest that you use the same VPN and not try to create a new one.

Can you tell us a bit more about the data center? At one place you mention data center router and in the other references you talk about an ASA. I believe that my suggestion of creating a small subnet for each interface server will work if connected to a Cisco router but probably not work if connected to an ASA. Assuming connection to a router then the router would have its existing interface IP address as its primary address on the interface and would configure IP secondary addresses to create the small subnets for the interface servers. In each small subnet you would have the router secondary address and the address of the interface server. The interface server would have the associated router secondary address as its default gateway (that is one config change that would be required on each server). And in this way you do not need the secondary addresses on the server which you suggest in your post and the server would have Internet access.

In your original post you identified the server address of 10.10.1.5 and I suggested a small subnet size of /30. In your recent post you identify a server address as 10.211.41.7. For this address a size of /30 will not work and you would need to use /29. So the size of the subnet may vary depending on the particular address of the server. We could discuss this further if you need but I will not get into that detail unless you indicate that you need it.

HTH

Rick
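
The addressing arithmetic discussed in this thread (carving a small subnet around the server address, pairing address and mask in a static route, and longest-prefix routing), as an added Python example that is not code from any poster. The function names and the `ROUTES` table are assumptions made for illustration.

```python
import ipaddress


def carve_out(server_ip, parent_cidr):
    """Smallest subnet of parent_cidr in which server_ip is a usable host
    address, i.e. neither the network nor the broadcast address."""
    server = ipaddress.ip_address(server_ip)
    parent = ipaddress.ip_network(parent_cidr)
    if server not in parent:
        raise ValueError(f"{server} is not inside {parent}")
    # Try /30 first, then widen one bit at a time, stopping short of the parent.
    for prefix in range(30, parent.prefixlen, -1):
        net = ipaddress.ip_network(f"{server}/{prefix}", strict=False)
        if server not in (net.network_address, net.broadcast_address):
            return net
    raise ValueError(f"no usable carve-out for {server} in {parent}")


def static_route_is_valid(address, mask):
    """True when address/mask has no host bits set, as a route entry requires."""
    try:
        ipaddress.ip_network(f"{address}/{mask}")  # strict by default
        return True
    except ValueError:
        return False


def next_hop(dest_ip, routes):
    """Longest-prefix match: the most specific route containing dest_ip wins."""
    dest = ipaddress.ip_address(dest_ip)
    nets = [(ipaddress.ip_network(cidr), hop) for cidr, hop in routes]
    matches = [(net, hop) for net, hop in nets if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Constructed routing table for the 10.10.1.5 case; hop names are labels only.
ROUTES = [("10.10.1.0/24", "hotel LAN"), ("10.10.1.4/30", "data center")]

if __name__ == "__main__":
    print(carve_out("10.10.1.5", "10.10.1.0/24"))
    print(carve_out("10.211.41.7", "10.211.41.0/24"))
    print(static_route_is_valid("10.10.1.5", "255.255.255.252"))
    print(next_hop("10.10.1.5", ROUTES), "|", next_hop("10.10.1.20", ROUTES))
```

For 10.10.1.5 this returns 10.10.1.4/30; for 10.211.41.7 it returns 10.211.41.0/28, because .7 is the broadcast address of both the /30 and the /29 that contain it. Every address inside the carved-out block follows the more specific route, so any hotel hosts in that range would have to be renumbered.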