Inbound MX firewall rules & AutoVPN

iores
Here to help

Hi,

I was reading this: https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Applia... .

What does this mean: "... inbound traffic is not allowed through the WAN interface of VLANs with the No-NAT Exceptions override"? Does this apply only when No-NAT is used?

In addition, does this affect AutoVPN communication, and if so, how? Are AutoVPN spokes able to communicate with each other?

4 Replies
alemabrahao
Kind of a big deal

This means that if you create a No-NAT Exception on a VLAN, the MX will not allow inbound traffic from the internet to that subnet through its WAN interface.

Yes, this only applies when No-NAT is used.

This does not affect AutoVPN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
iores
Here to help

Does it apply only "from the internet" or to any source IP that arrives on WAN interface for that particular local subnet?

alemabrahao
Kind of a big deal

Internet, my friend.

alemabrahao
Kind of a big deal

The best way for you to understand how a feature works is to run a lab to test it.
