Meraki

Community

Meraki MX84 - NAT Internal IP to another Internal IP

_zZz_
Comes here often
‎Sep 22 2020 5:24 AM
‎Sep 22 2020 5:24 AM

Meraki MX84 - NAT Internal IP to another Internal IP

Hi

 

Is it possible to NAT an internal IP to access another internal IP?

I would like 192.168.1.45 to appear as 192.168.45.45 when connecting to 192.168.45.254.

 

Seen on some firewalls that you can create a policy that will masqurade the IP that is specified in the policy.

 

Thanks

 

0 Kudos
5 Replies 5
Claes_Karlsson
Getting noticed
‎Sep 22 2020 5:32 AM
‎Sep 22 2020 5:32 AM

I think that would require something like this:

 

Portforwarding/NAT on 192.168.45.254:xx --> Object(192.168.45.45 translated to 192.168.1.45):xx

Where xx is the portnumber.

 

I don't believe thats possible yet, you can only create objects with Name and FQDN/IP-address as I've seen so far and not any object-NAT.

 

/CK

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 22 2020 5:34 AM
‎Sep 22 2020 5:34 AM

NAT is only done when the communication is done through the WAN-port. The MX does not have this flexibility as ist is available for example on the Cisco ASA/FTD.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
jdsilva
Kind of a big deal
‎Sep 22 2020 7:53 AM
‎Sep 22 2020 7:53 AM

It's possible, but not in the way you think. Please see this thread:

 

https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24563/highlight/true#M...

 

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 22 2020 8:04 AM
‎Sep 22 2020 8:04 AM

Wow, from the documentation, I would not expect this to work ...

And one question here is, if this is a "planned" feature or if it just works by accident and the behavior could change in a new firmware release. Actually I would have some doubts if I want to implement something like that.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
jdsilva
Kind of a big deal
‎Sep 22 2020 9:55 AM
‎Sep 22 2020 9:55 AM

@KarstenI Not planned per se I don't think, but more a side effect of the way NAT was implemented. @GiacomoS commented on this solution in this post:

 

https://community.meraki.com/t5/Security-SD-WAN/HairPin-Nat-Loop-back-NAT/m-p/24563/highlight/true#M...

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.