Meraki MX routed public subnet / DMZ (migrating from Sonicwall)

Solved
Kykeon
Comes here often

Meraki MX routed public subnet / DMZ (migrating from Sonicwall)

Hi all,

 

I'm sure this has been asked a lot and apologies if it has been answered a lot too, spent hours looking it up and i could not find a clear answer.

 

We are in the process of migrating a multi-tenant network from Sonicwall to Meraki MX.

 

The public IPs we have is:

 

Public main WAN subnet 1: 1.0.0.0/29

Public routed subnet 2: 2.0.0.0/30

Public routed subnet 3: 3.0.0.0/30

 

I've routed subnets 2 & 3 to tenants' 2 & 3 gateway, for example tenant 3 has a Draytek sitting behind the Sonicwall with a public IP address of 3.0.0.2 on it (3.0.0.1 is the Sonicwall). We needs to be able to do his own NAT.

 

The way I've done this on the Sonicwall is shown here: http://help.sonicwall.com/help/sw/eng/6500/25/9/0/content/Ch27_Network_Interfaces.031.39.html

 

However i cannot find anything documented by Meraki on how to configure a public routed subnet for a DMZ host and make sure traffic passes through and is not NATed out of the main WAN IP.

 

I've seen people mentioning they had to create a VLAN and set the MX's gateway address to that public IP, 3.0.0.1 in tenant 3's case.

 

Do i then have to create a 1:1 NAT rule to map public 3.0.0.2 to LAN 3.0.0.2 so the tenant's gateway is accessible?

 

Thanks for your time 🙂

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

You would need to upgrade to the 15.x beta code.  Then on the address page you'll see a NO-NAT page.

View solution in original post

1 Reply 1
PhilipDAth
Kind of a big deal
Kind of a big deal

You would need to upgrade to the 15.x beta code.  Then on the address page you'll see a NO-NAT page.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels