I have one question. If Meraki can configured multiple external IP addresses ? Example i have guest wifi and want that network use another external ip different of main.
1:NAT and 1:1 NAT dont work(i found some advices). Because it dont understand all subnet, only 1 lan ip.
I've also tried to accomplish this and I'm fairly certain it isn't possible. The NAT will only be for external traffic coming in. Everything going out will go through the MX WAN IP. Depending on your use case, the only real option would be to put an L2 switch outside of your MX WAN interface. Have one cable going to the MX WAN interface and another going to your switch VLAN or device and then you could give those devices the WAN IP directly although they will not be going through the MX. I guess conceptually if it is for a guest network you could also have a separate, cheap, router that is connected to the WAN that you route traffic to/through.
What @Adam said. Inbound only 😞
But... If you were to use the second WAN port and assign a second external address to that, then you could use Internet flow preferences to steer some traffic out the second IP (and in) giving you two public IP's.
It's not how it's meant to work, and not clean by any stretch, but if you absolutely needed to second IP for say, have one specific server use a specific IP outbound, it could work.
Disclaimer, I haven't tried this directly, but I don't see why it wouldn't work.
Meraki doesn’t currently support this. One way you might also be able to get around this is by placing a router on your network, doing a 1:1 NAT on the MX to this router. Then NATing the guest WiFi traffic through this router. It does add another device and double NAT but should achieve what your trying to do.
We are currently struggling with this as well since the provider NAT public traffic to a private address.
Response from Meraki
So just to clarify, if I have a block of IP addresses associated with my Internet connection, the Meraki is incapable of using any but the IP address of its external interface?
If that's the case, what is Meraki's suggestion/recommendation for doing this functionality that Cisco ASA's have had since the Pix was introduced?
let's get this topic back from the dead.
since IkeV2 is in beta (other topic) perhaps we should get the attention of Meraki to have a look at sourcenat.
Okay.. this can be done by...
Create a VLAN on your MX..
MX IP: 220.127.116.11
VALN ID: you choose.
Set your client PC with the blow..
Set 1:1 NAT
LAN IP: 18.104.22.168
This will then show your second IP when access the internet, not the IP of the MX.
I have tested your suggestion and it worked.
However, I have found one Downside, that is that it is no longer possible to reach our public addresses from inside the LAN, after setting up the VLAN.
Are there any other side effects you experienced?
Are you using this workaround in a productive environment?