Port Forwarding and NAT on MX64

Lord-Arthas
Comes here often

Port Forwarding and NAT on MX64

Nat.png

Merak.pngmerak2.png

I know how this topology on a Cisco Router, can be implemented

but on a Meraki MX64, I can't figure, please show me step by step how to config this with GUI, I can't find a way in this GUI to associate one specific valid public IP address+port to a private address

Question 1)

First as you can see from the picture of MX64 itself, we have one uplink(internet link) and 4 port to internal LAN

so how can we have 2 uplinks as this menu is suggesting, I only see one port?

 

Question 2)

Port Forwarding

I think for this part I need to go to

Appliance status->Uplink, and click on that pen next to WAN

Switch6500(config)#int fa1/1

Switch6500(config-if)#ip add 81.1.1.30 255.255.255.252

 

For this part you need to goto Security -> Firewall but I can't figure how to associate public port and IP to private

Switch6500(config)#ip nat inside source static 192.168.1.50 80 81.1.1.30 80

Switch6500(config)#ip nat inside source static 192.168.1.51 80 81.1.1.31 80

 

Switch6500(config)#int fa1/1

Switch6500(config-if)#ip nat inside

Switch6500(config)#int fa1/2

Switch6500(config-if)#ip nat outside

 

Question 3)

Overloading with PAT

Switch3650(config)#access-list 1 permit 192.168.1.1 0.0.0.31 (overload the range from 192.168.1.1 to 192.168.1.32 on ip 81.1.1.30 )

Switch3650(config)#ip nat inside source list 1 81.1.1.30 overload

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

Your diagram does not make any sense to me with respect to your questions.  You ask about a second WAN port, but your diagram only has a single cloud.

 

You go to the Ethernet page on the local status page to change one of the LAN ports into a second WAN port.

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_M...

 

This document covers how to do inbound PAT.

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

 

Outbound NAT is automatic.  There is nothing to configure.  It uses the IP address configured on the WAN interface that it is going out.

 

 

 

 

Thx a lot

So Security -> Firewall is all about inbound NATs?

So how should I do the port forwarding for my 2 different webservers, to be accessible from outside on port 80? I have two Public IP addresses on my UPlink interface..

Webserver1 local IP(192.168.1.50)     Webserver2 Local IP(192.168.1.51)

Webserver1 External IP(81.1.1.30)     Webserver2 External IP(81.1.1.31)        

no offense taken

question 1 is not about my diagram but where those two uplinks on the device itself are coming from that you explained it.

I can't tell what part of my diagram doesn't make any sense, but if you ask I can explain.

 

I just need to achieve the same result of these two commands on a GUI

Switch6500(config)#ip nat inside source static 192.168.1.50 80 81.1.1.30 80

Switch6500(config)#ip nat inside source static 192.168.1.51 80 81.1.1.31 80

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels