Meraki

Community

Meraki Mx85 How to enable NoNat

Mytestcase
Here to help
‎Jun 13 2025 11:25 AM
‎Jun 13 2025 11:25 AM

Meraki Mx85 How to enable NoNat

 

Hello Team,

 

I am currently configuring a Meraki MX85 to function as a simple router. The setup includes a /30 public IP on the WAN side and a /29 public IP block on the LAN side.

 

My understanding is that in routed mode, the MX typically performs NAT from the LAN/VLAN side to the WAN IP.

 

However, in this case, I intend to use the MX85 without NAT. I want to assign a /30 public IP to the WAN1 port and use the /29 public IP block on the LAN side, which will connect to my router and SD-WAN device.

 

Could you please advise on how to disable NAT on the MX85 in this configuration?

 

Thank you,

Sateesh Billur

+91 9945789689

 

Technical Lead, SME for Meraki Networks, Technical Manager
Labels:
0 Kudos
5 Replies 5
RaphaelL
Kind of a big deal
Kind of a big deal
‎Jun 13 2025 11:29 AM
‎Jun 13 2025 11:29 AM

Organization -> Early Access : 

RaphaelL_0-1749839391573.png

 

 

Or Contact Support

alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 13 2025 11:30 AM
‎Jun 13 2025 11:30 AM

Take a look at this.

 

https://documentation.meraki.com/MX/Networks_and_Routing/NAT_Exceptions-No_NAT_on_MX_Security_Applia...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 15 2025 3:41 PM
‎Jun 15 2025 3:41 PM

Being a /29 - I think a better solution is a little trick where you create a 1:1 NAT for the public IP addresses, where you use the public IP address as both the source and destination.

 

Below is an example I have configured.

PhilipDAth_0-1750027248169.png

 

I prefer this approach because it works with all Meraki features, while NO-NAT mode disables certain things (like AnyConnect).

In response to PhilipDAth
Mytestcase
Here to help
‎Jun 16 2025 6:14 AM
‎Jun 16 2025 6:14 AM

Hi Phillip, I will check this option and update you or here. Thanks for the information. 

Technical Lead, SME for Meraki Networks, Technical Manager
0 Kudos
In response to PhilipDAth
GIdenJoe
Kind of a big deal
Kind of a big deal
a month ago
a month ago

Hehe, I wasn't aware you could perform an "identity NAT" on MX'es.  Nice to know!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.