Good day all,
Does anybody know if the ability to route public IPs through an MX is on the road map of features the devs are working on.
No-NAT on an MX WAN interface is something I would expect to see available for beta in the next 6 months or so. This would enable CPE functionality but disable the default NAT behavior on one or more of the WAN uplinks. Essentially turning it into a routed interface.
eBGP support in NAT mode (name-change perhaps?) is where the Meraki team would like to get to. That would enable more seamless branch MPLS SD-WAN support but No--NAT is a prerequisite.
Stay tuned. 😉
Just bumping this one - any news on this feature? We have a few clients where we're having to use ASAs where a MX would do, just because we can't have a public routed subnet with no NAT...
Progress is promising, but the limitation of removing on of the already limited 2 wan interfaces is challenging. Would be nice if this could be implemented as a Third interface or similar non-impacting our standard interfaces. Specific to our needs, we frequently have Hospitality clients with event space who like to deploy their own routers in meeting spaces behind our lan and being able to quickly put them on a non-nated public IP without bridging our WAN/LAN is extremely valuable.
Thanks for the reply AlexJ!
I'm about 10% through converting our MPLS sites onto MX's. Our data traffic tunnels back to concentrators in our DC's while our Voice traffic is NAT'd out to the WAN interface where our MPLS provider picks up the traffic and routes it back to their SBC's and media gate ways.
Initially when the handsets were being NAT'd we had call dropouts and missed calls back to the handset, something I believe was occurring due to NAT timeouts or ageing. Currently I have setup a 1:1 NAT for every handset with its internal IP being the same as the external IP. This seems to have resolved the issue.
Can you see any issues running 1:1NAT with the same public address as the private address?
IE Handset uses the following 1:1 rule
Public IP: 10.125.0.101
LAN IP: 10.125.0.101
Allowed inbound: any any any