Multiple NAT Pools in MX84

Solved
CP66

Can I create multiple NAT pools in the MX84? I have 2 VLANs into the MX and need to NAT each VLAN to a different public IP address so they are routing properly. Thank you!

1 Accepted Solution
PhilipDAth

You cannot have different NAT pools.

As @AjitKumar noted you can direct traffic to a specific WAN interface - but this does require you to use two WAN/Internet circuits.

Maybe you could consider using AutoVPN to wherever this other firewall is located, so that it can see the original IP addresses of the devices.


5 Replies 5
AjitKumar

Hi

I hope you are referring to the following features.

1) Flow preferences

Security appliance -> Traffic Shaping

2) NAT & Port Forwarding

Security appliance -> Firewall

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
CP66

The customer wants to bring a data VLAN and a voice VLAN into the MX and NAT each VLAN to a different public IP address, since data needs to be sent to one DC and voice to another DC. In an ISR I can do this with ease. I would like to avoid putting the MX in passthrough mode, since I heard that passthrough mode with a public address is a security risk without an edge firewall. The 3rd option, I guess, would be to get the beta release and try to route with no NAT.

CP66

Forgot to mention that routing is not the problem. The firewalls at the DCs need to see certain source addresses. If we NAT all to one address they will have to change their FW rules.

Adam

I assume the voice and data VLANs that they want to bring in are public IP space or no?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO