Is there a way to allow all inbound traffic to a single IP? (mx-60)

SOLVED
Brian5
Conversationalist

Is there a way to allow all inbound traffic to a single IP? (mx-60)

I'm new to Meraki and have an MX-60 and was wondering how to allow all inbound traffic to get through, but only to a single IP address. It seems like the way to do this would be to set up a 1:1 NAT rule that allows "any" port, but the public IP I need to use is assigned to the firewall so it will not allow it.

 

Basically, what I need to do is test to make sure no firewall rules are blocking access to a specific IP and I don't want to disable the entire firewall, but instead temporarily disable any blocking to just a single address.

1 ACCEPTED SOLUTION

Accepted Solutions
Bruce
Kind of a big deal

Re: Is there a way to allow all inbound traffic to a single IP? (mx-60)

If you are using the IP address that is assigned to the WAN interface then you won’t be able to create a NAT. The best you can achieve is a port forward. You’ll need to ascertain what ports you want to access on your internal server (e.g. tcp/80 for http, tcp/443 for https) and set the port forward appropriately on the MX.

View solution in original post

1 REPLY 1
Bruce
Kind of a big deal

Re: Is there a way to allow all inbound traffic to a single IP? (mx-60)

If you are using the IP address that is assigned to the WAN interface then you won’t be able to create a NAT. The best you can achieve is a port forward. You’ll need to ascertain what ports you want to access on your internal server (e.g. tcp/80 for http, tcp/443 for https) and set the port forward appropriately on the MX.

View solution in original post

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.