One to Many NAT

mark30fla
New here

One to Many NAT

Could someone please clarify how 1:Many NATTing works in the MX100. I have read the documentation and am not certain how to get it working.

The VLANs will all terminate on a pair of MX425s except the transit VLAN. However I can only get it to NAT one VLAN that must be terminated on the MX100.

There is only one Internet connection coming into the device. So please give a specific example of how I would send all internet traffic on 80 and 443 out ? Do I also have to configure DNS lookup for the NAT ??

Please use the following example to clarify:
Public IP Address 1.1.1.1 (only internet connection coming in)
Uplink - Internet 1
Rules - Description - Internet Traffic
Proto - TCP
Public Port - 80
LAN IP - 10.10.0.0/16 (these are the supernetted IP addresses)
Local Port - Any
Allowed Remote IPs - Any

 

Thanks in advance.

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

If you are just configuring outbound Internet access then you don't need to do anything with NAT - zero.  The default configuration will do it automatically.  All non-WAN interfaces are NATed to the Interface IP of the Internet circuit they head out of.

Adam
Kind of a big deal

Philip is right.  One to Many NAT is just for incoming on your internet ports.  An example of where you'd use it is if you wanted to have incoming traffic on different ports going to different servers.  

 

For example 1:Many NAT

Public IP 8.8.8.8 (this would be one of your public IPs)

TCP 8000 to LAN IP 10.0.0.1

TCP 61500 to LAN IP 10.0.0.2

 

So if someone goes to 8.8.8.8:8000 they land at your 10.0.0.1 server port 8000 or whatever you map it to

if someone goes to 8.8.8.8:61500 they land at your 10.0.0.2 server port 61500 or whatever you map it to.  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels