Meraki

Drache13 · ‎Dec 20 2018

I'm Migrating from some ISRs to a MX450.
2 WAN Links
an ISP provided /30 is on a Switch - and I have my first IP from my /27 on the MX. (both WAN)

I have configured a few (12?) 1:1NAT - but all but one of them do not route back to it's 1:1 IP address.
they don't even route back to the same interface (WAN1) but outbound on WAN2.

due to proper security SSL settings - this obviously breaks web apps and sites.

I was wondering if anyone experienced this - and what a possible solution is? (I'd prefer to keep the MX as an edge device)

LV_MW_MSP · ‎Dec 20 2018

If I remember correctly, there is no way to NAT outbound traffic to a specific IP address. You can NAT it out to WAN1 or WAN2, but to NAT out to ip #2 on WAN 1 I don't believe is possible. Maybe there has been a feature released allowing this since the last time I had this problem (about 6 months ago) but not sure.

I would try calling Meraki support and see what they say.

BA

Drache13 · ‎Dec 20 2018

I really don't understand -
this was a touted feature during demonstrations. (bi-directional NAT)

does this technically break web servers that require the return path to match the incoming path? (reverse route)

LV_MW_MSP · ‎Dec 20 2018

That is 100% dependent on your setup. I will say though even though Meraki lacks this feature, and some other ones you would think are common, I have never hit a "there is no other way" to obtain the end result.

Contact Meraki support and see if they have a beta firmware or something you can try, otherwise you will have to figure out how to make it work within the limitations of Meraki.

PhilipDAth · ‎Dec 20 2018

>due to proper security SSL settings - this obviously breaks web apps and sites.

This wont break SSL or web apps. If a request is NAT'ed through from the outside world the reply traffic from the web server will return via the same path (using the same 1:1 IP address).

Meraki

Community

MX450 - 1:1 NAT; outbound IP?

MX450 - 1:1 NAT; outbound IP?