Meraki

Community

1:1 NAT question

Solved
Toby
Getting noticed
‎May 16 2019 4:12 AM
‎May 16 2019 4:12 AM

1:1 NAT question

Hello!

 

I'm trying to set up a customer for MX going from ASA, but have ran into an issue regarding NAT.

 

It concerns 1:1 NAT, I've tried to set up this rule but it can't be configured since the hosts I'm trying to NAT is not on a subnet configured on the MX device. This is due to how the network is set up today and the goal is to try and make as few changes as possible to the network during the change from ASA to MX. I'm unsure if what I'm trying to accomplish is at all doable and which is why I'm asking this question here. If anyone have an idea on how to do this, I would be very grateful.


In summary: Can 1:1 NAT rules be configures on an MX device if the host resides on a subnet which is not configured on the MX device.

0 Kudos
1 Accepted Solution
jdsilva
Kind of a big deal
‎May 16 2019 7:32 AM
‎May 16 2019 7:32 AM

@Toby wrote:


In summary: Can 1:1 NAT rules be configures on an MX device if the host resides on a subnet which is not configured on the MX device.

Yes, well no. Sorta. 🙂

 

It can't not be on the MX at all. You need a route at a minimum, but it doesn't have to be a configured VLAN/subnet.

 

If you do it without a route you get this:

 

image.png

 

But once you add a route:

 

image.png

 

It'll save just fine.

 

image.png

http://blog.brokennetwork.ca | @jdsilva

View solution in original post

4 Replies 4
MarcP
Kind of a big deal
‎May 16 2019 6:27 AM
‎May 16 2019 6:27 AM

You should just forward this NAT to the device which is responsible for the subnet.

 

Once I had szenario, nearly like yours, and have been told to do the following:

 

Lancom --> Meraki --> Camera

been told to configure the Lancom the Camera is "behind" the MX (configured next hop) and within the MX I did the forward, to destination.

 

Should be the same in your case, but you have Meraki first and then something else.

 

To be honest, it didn´t work at my scenario 😄

LINK to Post

jdsilva
Kind of a big deal
‎May 16 2019 7:32 AM
‎May 16 2019 7:32 AM

@Toby wrote:


In summary: Can 1:1 NAT rules be configures on an MX device if the host resides on a subnet which is not configured on the MX device.

Yes, well no. Sorta. 🙂

 

It can't not be on the MX at all. You need a route at a minimum, but it doesn't have to be a configured VLAN/subnet.

 

If you do it without a route you get this:

 

image.png

 

But once you add a route:

 

image.png

 

It'll save just fine.

 

image.png

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
BrechtSchamp
Kind of a big deal
‎May 16 2019 7:34 AM
‎May 16 2019 7:34 AM

@jdsilva Not sure if it actually works, but I could configure it without warning. Did you have a route to the 10.1.1.1 network?

 

Edit: Nvm. I need to learn how to read.

In response to jdsilva
Toby
Getting noticed
‎May 22 2019 11:44 PM
‎May 22 2019 11:44 PM

Great, this works, thanks! 🙂
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.