Hi all,

Need some helps regarding this issue.
My company has subscribed Unfibiz package with 5 fixed/public IPs given.

My network connection : INTERNET-----TM ROUTER (cisco meraki mx64w)----PC/Laptop

Lets say TM have provided these IPs (just assumption only):
176.20.1.0/29
176.20.1.1 (gateway/TM router)
176.20.1.2-176.20.1.6 (our fixed IP)

TM router is using IP 176.20.1.1 and acting as a gateway for our devices connected directly to TM router.
When I connect my laptop (176.20.1.2), it is not reachable from public or I cannot ping my laptop public IP but I can browse internet. Windows firewall already disabled/turn off. Only gateway IP can be ping from public.
Have tried different devices and different IPs allocated by TM but still not successful.
Have call TM support but not really helpful. Or by default 5 public IPs ping/icmp disabled? only allow ping gateway ip ?

Any thoughts about this?

Have you check the configuration in you Meraki

meraki router belong to TM and it is cloud base, I can only view limit configuration, only can see interface ip (gateway ip).
Or somewhere firewall policies from meraki cloud blocking.

I'm not familiar at all with the Meraki but a quick Google found this: https://documentation.meraki.com/MX-Z/Firew...rewall_Settings and:
Note: In NAT mode, all inbound connections are denied except for ICMP traffic to the appliance, by default. If you want to allow additional inbound traffic, you will need to create a new port forwarding rule or NAT policy and explicitly allow connections based on protocols, ports, or remote IP addresses (see below).
So you'll need to do at least 2 things:
1. Setup IP Unnumbered on your LAN facing ethernet interface.
2. In the firewall allow inbound traffic destined for your assigned prefix.

by right isp didt do any filter on their side

1) type command netstat -an, share the output
noted down few open port which is not common use port etc 55655, 57119

2) https://www.yougetsignal.com/tools/open-ports/
check whether the port is opened

3)able to ping from router to pc?

4)disable ipv6 on your pc

Not related to your problem but TM gave you the Meraki for free or did you have to pay for it? My friend’s company, medium sized MNC, subscribed to the same thing, unifibiz /29 and TM gave them a DIR-615 !!?? Anyway we replaced it with a Mikrotik RB750Gr2.

thanks for the suggestion bro,helpful

From our pc/laptop I have disabled firewall/turn off already. I can ping router IP (gateway ip), as I mentioned earlier we have limited access to the router configuration (can view interface ip only).

They lease for us only, If we stop using their sevice, they will take back the router.

Find and disable NAT & Firewall. Happened to me. Even medium firewall setting on the router given disables ping to any of the subscribed IPs.

thanks for that. Unfortunately I only have limited configuration access to the tm router, still communicating with TM, not really helpful and very slow response.

How can limited? Everyone is given the credential to go in. Password nowadays is usually the serial number of the unit.

yes bro already serial number for login, but got limited access to the router. Cannot see firewall/NAT feature on the dasboard.

username used?

try operator.

username is device SN, password is blank, any other login?

The problem is solved now. Need to do 1:1 NAT for each fix IP and need to allow icmp for inbound connection. For future use, asked TM to allow any for inbound and outbound (if not I will facing a problem and need to contact TM again).

This post has been edited by payies: Apr 10 2018, 08:53 AM