So reading in the vMX Setup guide I see NAT mode.
What is this, in relation to NAT mode on a normal MX ?
Is it only for NAT'ing over the VPN ?
The second question I have, how do I change the MX from Onearmed to NAT ?
The Setup guide says this is possible, with a restart, it just omits how.
Regarding DHCP.
If in NAT mode, can I then have a DHCP server running for subsites on this thing ?
Like if I wanted a central DHCP server (in Azure), I know this is not, in any way optimal, or probably advised, but I really want to know 🙂
Thanks 🙂
/Thomas
NAT mode will translate your internal address space and present the source/Public IP to the internet.
To change from one-armed concentrator to NAT go to Security & SD-WAN > Configure > Addressing & VLAN's
Select Routed Mode
Yes yes ... that works all very well and fine on a normal MX.
But a vMX ?
Not so much it appears.
As you can see, there is no Addressing & VLANs page.
So either my vMX has a bug, or this is why its not specified in the documentation 🙂
@thomasthomsen : hope you all covered this
I started here : https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure
From this document:
All MXs can be configured in either NAT or VPN concentrator mode. There are important considerations for both modes. If needed, refer to the article on concentrator modes for more detailed information.
In this mode, the MX is configured with a single Ethernet connection to the upstream network. All traffic will be sent and received on this interface. This is the only supported configuration for MX appliances serving as VPN termination points into Azure Cloud.
In this mode, the MX is configured with a single Ethernet connection to the upstream network and one Ethernet connection to the downstream network. VPN traffic is received and sent on the WAN interfaces connecting the MX to the upstream network and the decrypted, unencapsulated traffic is sent and received on the LAN interface that connects the MX to the downstream network.
Note: A limited NAT mode capability can be enabled on the vMX in which traffic from the spokes will be NATed to the vMX's IP as it egresses the vMX in to your datacenter. Other capabilities of the NAT mode including DHCP, HA or multiple ports (LAN and WAN) are not supported. In each mode the vMX is still a one-armed appliance with one network interface
If you wish to change the concentrator mode after the vMX deployment, you must restart the instance for the changes to be applied. Please choose the desired concentrator mode before the vMX deployment.
The document does not tell how you change this mode. - It just says you have to restart the instance ?
So will it magically just change mode if I restart it ? - I highly doubt that 🙂
I think this might be the critical bit.
"Please choose the desired concentrator mode before the vMX deployment."
Yeah but why do they also write this then.
"If you wish to change the concentrator mode after the vMX deployment, you must restart the instance for the changes to be applied."
Lets just say: "Instructions unclear ....."
sorry @thomasthomsen - I didn't see the vmx element!
That sentence sums it up "In each mode the vMX is still a one-armed appliance with one network interface". I only ever run these in concentrator mode.
No problem, but I really wanted to test out the "other mode".
Because I want to know what it does, and what extra things I can get out of it.
But the problem is that there does not seem to be a way to convert it (even though the documentation says so).
What happens if you create the network as an appliance only, configure NAT mode, and then add the vMX?
Or maybe use a template?
My thoughts as well (at this point), but the instructions are not good, can we all agree on that ? 🙂
Yes, I agree on that, Instructions are not that clear. However, I got NAT mode enabled for vMX by calling support team. They said, that is the only way for now.