Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall Object Beta and 1:1 Inbound NAT

PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 16 2020 2:45 AM
‎Aug 16 2020 2:45 AM

Firewall Object Beta and 1:1 Inbound NAT

Has anyone used the firewall object beta and 1:1 NAT?

 

I can't seem to get the inbound 1:1 NAT to work.  A packet capture shows the packets being received by the MX, but not leaving the LAN interface.

0 Kudos
Subscribe
2 Replies 2
Seshu
Meraki Employee
Meraki Employee
‎Aug 21 2020 8:13 AM
‎Aug 21 2020 8:13 AM

Hello @PhilipDAth 

 

Network Objects feature is not expected to impact the 1:1 NAT or Port Forwarding rules. Did you check the ARP Table on the MX for the LAN Client? Is the 1:1 NAT Rule configured with the public IP in the same subnet as the WAN that is selected in the 1:1 NAT Rule?

Subscribe
In response to Seshu
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 21 2020 2:22 PM
‎Aug 21 2020 2:22 PM

That's reassuring.  The 1:1 NAT is configured with a public IP in the same subnet.  The MX was able to ping the internal hosts.

 

I have my second attempt in 1.5 days.

 

I have since made a great discovery.  This customer has 95% Meraki infrastructure.  Their is an old Cisco UCS chassis switch (in a compute unit).  While going through the Meraki events after the event I found lots of spaning tree events where a critical port started flapping.

Now I am aware of that I am going to change things to remove that loop.

 

 

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.