cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

1:1 NAT question

SOLVED
Highlighted
Here to help

1:1 NAT question

Hello!

 

I'm trying to set up a customer for MX going from ASA, but have ran into an issue regarding NAT.

 

It concerns 1:1 NAT, I've tried to set up this rule but it can't be configured since the hosts I'm trying to NAT is not on a subnet configured on the MX device. This is due to how the network is set up today and the goal is to try and make as few changes as possible to the network during the change from ASA to MX. I'm unsure if what I'm trying to accomplish is at all doable and which is why I'm asking this question here. If anyone have an idea on how to do this, I would be very grateful.


In summary: Can 1:1 NAT rules be configures on an MX device if the host resides on a subnet which is not configured on the MX device.

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: 1:1 NAT question


@Toby wrote:


In summary: Can 1:1 NAT rules be configures on an MX device if the host resides on a subnet which is not configured on the MX device.


Yes, well no. Sorta. 🙂

 

It can't not be on the MX at all. You need a route at a minimum, but it doesn't have to be a configured VLAN/subnet.

 

If you do it without a route you get this:

 

image.png

 

But once you add a route:

 

image.png

 

It'll save just fine.

 

image.png

4 REPLIES 4
Head in the Cloud

Re: 1:1 NAT question

You should just forward this NAT to the device which is responsible for the subnet.

 

Once I had szenario, nearly like yours, and have been told to do the following:

 

Lancom --> Meraki --> Camera

been told to configure the Lancom the Camera is "behind" the MX (configured next hop) and within the MX I did the forward, to destination.

 

Should be the same in your case, but you have Meraki first and then something else.

 

To be honest, it didn´t work at my scenario 😄

LINK to Post

Kind of a big deal

Re: 1:1 NAT question


@Toby wrote:


In summary: Can 1:1 NAT rules be configures on an MX device if the host resides on a subnet which is not configured on the MX device.


Yes, well no. Sorta. 🙂

 

It can't not be on the MX at all. You need a route at a minimum, but it doesn't have to be a configured VLAN/subnet.

 

If you do it without a route you get this:

 

image.png

 

But once you add a route:

 

image.png

 

It'll save just fine.

 

image.png

Kind of a big deal

Re: 1:1 NAT question

@jdsilva Not sure if it actually works, but I could configure it without warning. Did you have a route to the 10.1.1.1 network?

 

Edit: Nvm. I need to learn how to read.

Here to help

Re: 1:1 NAT question

Great, this works, thanks! 🙂
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.