Firewall Object Beta and 1:1 Inbound NAT

PhilipDAth
Kind of a big deal

Firewall Object Beta and 1:1 Inbound NAT

Has anyone used the firewall object beta and 1:1 NAT?

 

I can't seem to get the inbound 1:1 NAT to work.  A packet capture shows the packets being received by the MX, but not leaving the LAN interface.

2 REPLIES 2
Seshu
Meraki Employee

Hello @PhilipDAth 

 

Network Objects feature is not expected to impact the 1:1 NAT or Port Forwarding rules. Did you check the ARP Table on the MX for the LAN Client? Is the 1:1 NAT Rule configured with the public IP in the same subnet as the WAN that is selected in the 1:1 NAT Rule?

PhilipDAth
Kind of a big deal

That's reassuring.  The 1:1 NAT is configured with a public IP in the same subnet.  The MX was able to ping the internal hosts.

 

I have my second attempt in 1.5 days.

 

I have since made a great discovery.  This customer has 95% Meraki infrastructure.  Their is an old Cisco UCS chassis switch (in a compute unit).  While going through the Meraki events after the event I found lots of spaning tree events where a critical port started flapping.

Now I am aware of that I am going to change things to remove that loop.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels