NAT in MX100

Zenit

Hi everyone
I am setting up two MX100 for the first time and had some questions about NATs.
When I configure an incoming NAT do I also need to do the ACL, like for example on ASA?
Another question: are outbound NATs configurable?
For example my network 192.168.0.0/24 comes out with IP 82.14.25.55 and my other network 10.255.255.0/24 comes out with IP 82.14.25.56?

Thx in advance for help

Regards

Angelo

KarstenI

All traffic specified in NAT rules is automatically allowed.

For outbound traffic, generally, the MX IP is used. But for 1:1 rules the specific public IPs are used.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Configuring_1%3A1_NAT

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Troubleshooting_Port_Forwarding_and_NAT_...

PhilipDAth

When you create a NAT, a rule is created allowing "any" access to those port(s). You can edit that and change it to a specific IP address(es). It is under Security & SD-WAN/Firewall.


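One way to audit for the default "any" rule described in the reply above, as an added example that is not part of the original thread and not Meraki's own code. The rule data is constructed, and its field names (`allowedIps`, `allowedInbound`, `destinationPorts`) are modelled on the Dashboard API's port forwarding and 1:1 NAT rule objects, which is an assumption here.

```python
import ipaddress

# Constructed sample; field names are assumed to match an exported rule set.
SAMPLE = {
    "portForwardingRules": [
        {"name": "web", "lanIp": "192.168.0.10", "protocol": "tcp",
         "publicPort": "443", "allowedIps": ["any"]},
        {"name": "ssh-admin", "lanIp": "192.168.0.11", "protocol": "tcp",
         "publicPort": "2222", "allowedIps": ["203.0.113.0/24"]},
    ],
    "oneToOneNatRules": [
        {"name": "mail", "publicIp": "198.51.100.56", "lanIp": "10.255.255.20",
         "allowedInbound": [
             {"protocol": "tcp", "destinationPorts": ["25"],
              "allowedIps": ["any"]},
             {"protocol": "tcp", "destinationPorts": ["993"],
              "allowedIps": ["203.0.113.7", "0.0.0.0/0"]},
         ]},
    ],
}

def is_open(allowed_ips):
    """True if the source list admits every remote address ('any' or a /0)."""
    for entry in allowed_ips:
        if entry.strip().lower() == "any":
            return True
        try:
            if ipaddress.ip_network(entry, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # unparsable entries are not counted as open
    return False

def audit(config):
    """Return (rule type, rule name, protocol, ports) for each open inbound rule."""
    findings = []
    for rule in config.get("portForwardingRules", []):
        # A missing allowedIps is treated as "any", the default the thread describes.
        if is_open(rule.get("allowedIps", ["any"])):
            findings.append(("port-forward", rule["name"], rule["protocol"],
                             str(rule["publicPort"])))
    for rule in config.get("oneToOneNatRules", []):
        for inbound in rule.get("allowedInbound", []):
            if is_open(inbound.get("allowedIps", ["any"])):
                ports = ",".join(inbound.get("destinationPorts", ["any"]))
                findings.append(("1:1-nat", rule["name"], inbound["protocol"], ports))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("open to any source:", *finding)
```
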
cmr

@Zenit when you talk about outbound NAT "my other network 10.255.255.0/24 comes out with IP 82.14.25.56", that is something that unfortunately the MX range does not do. You only have the option of 1:1 NAT, as @KarstenI said. This is usually used for, say, a mail or web server hosted inside your network that you do not want to be on the main public IP address used by the outbound general internet traffic.
