cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NAT 1:1 only working when connected to VPN

Highlighted
New here

NAT 1:1 only working when connected to VPN

So, I'm trying to setup a NAT 1:1 for an outside entity to access one of our servers in the office without needing a VPN account.    I have everything setup and I can reach it on the public IP/port from outside the office if I'm connected to the VPN, but if I'm disconnected from the VPN I cannot reach it.     Any ideas where to start looking for the issue here?

 

Can provide details of our setup if that will help.

4 REPLIES 4
Highlighted
Kind of a big deal

Re: NAT 1:1 only working when connected to VPN

Could you provide some sanitized details of your 1:1 nat config? 

 

If you can only reach this server when you're functionally internal, something's gotta be wrong with that setup.

Highlighted
New here

Re: NAT 1:1 only working when connected to VPN

So we have a /29 from our provider.   Say 200.200.200.0/29.    MX80 is on 200.200.200.2,  NAT 1:1 is mapping public IP 200.200.200.3 to an internal IP on one of our VLANs.

 

Maybe unrelated, but I did just notice that the MX80 Uplink is showing as in conflict so WAN1 is showing as failed.   Looks like it has the same IP address as the switch that is in front of it.   Guess I should try and resolve that first before proceeding forward with the NAT debugging.

Highlighted
Kind of a big deal

Re: NAT 1:1 only working when connected to VPN

Oh, good catch! I would take a look at that WAN issue and then try again.

Highlighted
Kind of a big deal

Re: NAT 1:1 only working when connected to VPN

Yes it sounds like the 1:1 NAT you have allocated might already be in use.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.