Meraki Community

_zZz_ · ‎Sep 22 2020

Hi

Is it possible to NAT an internal IP to access another internal IP?

I would like 192.168.1.45 to appear as 192.168.45.45 when connecting to 192.168.45.254.

Seen on some firewalls that you can create a policy that will masqurade the IP that is specified in the policy.

Thanks

Claes_Karlsson · ‎Sep 22 2020

I think that would require something like this:

Portforwarding/NAT on 192.168.45.254:xx --> Object(192.168.45.45 translated to 192.168.1.45):xx

Where xx is the portnumber.

I don't believe thats possible yet, you can only create objects with Name and FQDN/IP-address as I've seen so far and not any object-NAT.

/CK

KarstenI · ‎Sep 22 2020

~~NAT is only done when the communication is done through the WAN-port. The MX does not have this flexibility as ist is available for example on the Cisco ASA/FTD~~.

jdsilva · ‎Sep 22 2020

It's possible, but not in the way you think. Please see this thread:

https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24563/highlight/true#M...

http://blog.brokennetwork.ca |

@jdsilva

KarstenI · ‎Sep 22 2020

Wow, from the documentation, I would not expect this to work ...

And one question here is, if this is a "planned" feature or if it just works by accident and the behavior could change in a new firmware release. Actually I would have some doubts if I want to implement something like that.

jdsilva · ‎Sep 22 2020

@KarstenI Not planned per se I don't think, but more a side effect of the way NAT was implemented. @GiacomoS commented on this solution in this post:

https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24563/highlight/true#M...

http://blog.brokennetwork.ca |

@jdsilva

Meraki Community

Meraki MX84 - NAT Internal IP to another Internal IP

Meraki MX84 - NAT Internal IP to another Internal IP