I have a new client (private school) that has an unusual requirement for their MX firewall. Their internal network connects directly to a private circuit to a managed data center provider for Internet access. They currently have an MX100; however, it is in pass-through (bridge mode). The provider requires the school to maintain the assigned RFC1918 address space to the provider and therefore they are unable to NAT at the firewall. They desperately need network segmentation and a zone-based firewall to isolate traffic between the internal VLANs. For simplicity purposes, I would like the MX100 to do this.
I would like to change the Meraki MX firewall from pass-through to routed mode; however, the routed mode requires NAT to the uplink (Internet). I thought I read in one of the Beta release notes that this could be done, although I cannot find the specific article. Any suggestions?
You can't 1:1 NAT anything that needs connectivity to the provider address space?
@AdamS ...Jaw drop
I'm pretty sure I get the concept of the Beta mode with no NAT mode.
Could you please elaborate a little further for me?
We have dozens of sites with dedicated MPLS only; the data VLAN is Auto-VPN'd back to the data centre concentrator while the voice VLAN is NAT'd, whereby the MPLS provider then takes the voice traffic out to their media and SBC gateways. Does this mean I can get a private /24 routed down the link and not NAT'd to the handsets?