
No NAT + Inbound firewall rules?

Has anyone played with the no NAT functionality in MX 15? I'm playing with a few different topologies and currently I want to run without the MX doing NAT. The topology is:

 

Internet --- Firepower 1010 --- MX67 --- Clients

 

I want the Firepower 1010 to see the real IP addresses of the clients. The Firepower will also handle all NAT duties to/from the Internet. All my clients and services are behind the MX67; there's only a small /30 between the MX and the Firepower. Thus, I need to poke holes in the firewall of the MX to allow for incoming services to work. Previously, with NAT mode, I'd just configure the port forwarding rule on the Firewall page and everything works. However, once the NAT exceptions are enabled the port forwards don't work (as expected), thus I need to poke a hole in the Inbound firewall to allow the traffic to hit the relevant ports on the relevant IP addresses. However, there are no inbound firewall configuration options available. The only thing I see in the Dashboard are the regular outbound firewall rules. The only way I can get the inbound firewall rules to appear is by using passthrough mode, but that has other limitations I'd prefer to avoid.

 

Am I missing something basic? It seems like no NAT needs to expose inbound firewall rule configurations. Otherwise, it's impossible to host any services behind the MX.


Re: No NAT + Inbound firewall rules?

I think support can enable this


Re: No NAT + Inbound firewall rules?

@ww is right. Support can enable this.
