Meraki

Community

Internal NAT/port forward ?

braham2019
Getting noticed
‎Apr 29 2025 8:26 AM
‎Apr 29 2025 8:26 AM

Internal NAT/port forward ?

There is an existing computer network, that has a 10.0.0.0/24 subnet with it's default gateway and DNS server pointing to 10.0.0.1.

 

I need to physically replace that network with Meraki hardware but do not have access to the DNS server at that address. I must

however replace the router at address 10.0.0.1 with an MX.

 

Can I port forward or NAT an incoming address at port 53 on IP 10.0.0.1 to say a different DNS server running on IP 10.0.0.2 ?

 

Or is destination NAT not possible ?

 

As I don't have access to any of the old equipment, I don't know how many devices have the DNS server for 10.0.0.1 hardcoded. The Destination NAT seemed like the only option...

 

0 Kudos
12 Replies 12
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 8:27 AM
‎Apr 29 2025 8:27 AM

It's not possible.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
braham2019
Getting noticed
‎Apr 29 2025 11:47 PM
‎Apr 29 2025 11:47 PM

What about the solution listed here then ? 

https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24268

 

 

0 Kudos
In response to braham2019
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 30 2025 2:59 AM
‎Apr 30 2025 2:59 AM

It won't work, because the interface you reference is one of the WANs.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 8:30 AM
‎Apr 29 2025 8:30 AM

What you want to do is not possible. However if a Meraki MX is doing DHCP and you select proxy to upstream DNS as your dhcp server option, the MX will respond to DNS requests.

https://documentation.meraki.com/MX/DHCP/Configuring_DNS_Nameservers_for_DHCP

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
In response to Mloraditch
braham2019
Getting noticed
‎Apr 29 2025 8:35 AM
‎Apr 29 2025 8:35 AM

So if I read that correctly, I can set the 10.0.0.2 DNS server as upstream DNS and the 10.0.0.1 will forward those requests ?

0 Kudos
In response to braham2019
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 8:50 AM
‎Apr 29 2025 8:50 AM

So if your MX is 10.0.0.1 and you set as I've described it will use whatever is the DNS for the WANs which generally must be a public DNS server.

If you need 10.0.0.1 to forward to an internal DNS server you control you can't do that. You will have to touch the static devices in some way and update them to use the new DNS server. Preferably to DHCP with reservations if necessary to avoid this in the future.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
braham2019
Getting noticed
‎Apr 29 2025 9:17 AM
‎Apr 29 2025 9:17 AM

Perhaps I misunderstood, but you stated that the MX will respond to DNS requests.

 

What if I create a new DNS server in another subnet to which the MX routes and use that server as upstream DNS ? Will it forward the requests to that one ?

0 Kudos
In response to braham2019
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 9:25 AM
‎Apr 29 2025 9:25 AM

The MX will respond to DNS requests but it's only a forwarder and it will only forward the Requests to the DNS servers programmed as the DNS servers for it's WANs which generally must be public DNS servers. The WANs can not use a DNS server over the Auto VPN.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
braham2019
Getting noticed
‎Apr 29 2025 9:36 AM
‎Apr 29 2025 9:36 AM

Thanks for your replies, but I'm not talking about Auto VPN, just a different local subnet.

 

It would really help if the documentation would be very clear about what it doesn't or does do, like only proxying if the clients are DHCP based.

 

and I'll have a look at this as well: https://documentation.meraki.com/MX/Local_DNS_Service_on_MX

I'll have to test what is possible and what not.

0 Kudos
In response to braham2019
Mloraditch
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 10:30 AM
‎Apr 29 2025 10:30 AM

Same answer even if a different local subnet. 

My recommendation is to bite the bullet and fix your devices to be setup so that you can easily make changes in the future.

The local dns option is new and definitely worth exploring.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to braham2019
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 29 2025 2:51 PM
‎Apr 29 2025 2:51 PM

What is doing DHCP in the network?  Why not configure that DHCP server to give out 10.0.0.2 as your DNS server?  That seems MUCH simpler.

In response to PhilipDAth
braham2019
Getting noticed
‎Apr 29 2025 10:03 PM
‎Apr 29 2025 10:03 PM

The new MX will be handing out DHCP addresses, so that is covered for existing DHCP clients. But I don't know how many devices currently have static IP's configured.

 

It's a brownfield environment where the previous IT partner refuses to give access to the existing network devices.  That makes it so difficult.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.