Hello Members,
I have purchased a /24 public IP pool from my upstream service provider. The uplink is first terminated in the switch, and then one cable from the switch is terminated on the WAN interface on the MX; a public IP is given on the WAN interface and the MX is online.
Now my question is: how do I use the rest of my public IP pool through Meraki? I want the public IP pool routed from Meraki.
Thank you
@khurram you use 1:1 NAT to map individual public IPs to individual internal private IP addresses. Do you have a lot of internal servers that need public access?
Thanks for the reply. I do not want to assign private IPs and use 1:1 NAT; I want to assign public IPs to any device/server etc.
It's also possible to use no NAT.
Not sure if you can use the WAN IP and LAN from the same subnet. Or you have to break the subnet into smaller pieces.
Passthrough mode on the MX. Your MX will just behave as a Layer 2 bridge.
As @cmr states, use 1:1 NAT to map public IPs to your internal addresses.
https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Configuring_1%3A1_NAT
Hi,
Did you try the ip nat overload feature?
Maybe this link will help you.
https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX
M
If you got a public IP subnet for the link as a /30 subnet and the rest of your public IP addresses is a pool /24 subnet, then you can just add that subnet to the inside part (interface) to the rest of your network. In this case the ISP has a route to this /24 pool of public addresses via the /30 subnet. You can use the rest of your pool as you want. Use it as the whole /24 subnet or divide it into smaller chunks of subnets, for example 2x /25 subnets or 4x /26 subnets, etc.
M
If you have just the /24 and it is not routed via a stub, then as @DarrenOC says, you can use passthrough mode.
Or, as @mljevakovic says, if you have a stub (/30 for example) and the /24 is routed via that, then open a support ticket and request NO-NAT be enabled. Then you'll see it under Security & SD-WAN/Addressing & VLANs.
Note that inbound traffic is not allowed by default. If you want to be able to create inbound firewall rules as well, also ask support to enable "L3 Inbound Rules".
Hello,
I have assigned a public IP, e.g. 192.168.120.2, to my WAN interface and the rest of the pool, 192.168.120.5, to my LAN interface, and also disabled NAT on that interface, but I still cannot access the IP from outside.
@khurram if you only have one subnet then you either need to divide it or put the MX in passthrough mode. What subnet mask have you put on the WAN interface?
i.e. for routed mode
WAN 192.168.0.2 with subnet mask of 255.255.255.240
LAN 192.168.0.160 with subnet mask of 255.255.255.128
@cmr Yes, I have divided the subnet.
WAN IP: 192.168.120.0/30
LAN IP: 192.168.120.4/29 etc....
But I still cannot access the IP 192.168.120.6, which is on a device, from outside.
If you were going to break up your subnet like that then it would be:
192.168.120.0/30
192.168.120.4/30
192.168.120.8/29
And you would need to get 192.168.120.8/29 routed via your IP address in 192.168.120.0/30. You would also need to open a support case and get inbound firewall rules enabled to allow the traffic in. All traffic in that is not NATed is blocked by default.
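The two splits quoted above can be checked for boundary alignment and overlap with Python's `ipaddress` module. This is an added example, not part of the original thread; the function names and the `SPARE` label are chosen here for illustration, and the addresses are the ones posted.

```python
import ipaddress


def check_plan(pool, subnets):
    """Return a list of problems in a split of one pool (empty list = consistent)."""
    pool_net = ipaddress.ip_network(pool)
    problems, parsed = [], []
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            # Host bits are set: the prefix does not start on its own boundary.
            net = ipaddress.ip_network(cidr, strict=False)
            problems.append(f"{name}: {cidr} is not a network address, it falls in {net}")
        if not net.subnet_of(pool_net):
            problems.append(f"{name}: {net} is outside {pool_net}")
        parsed.append((name, net))
    for i, (name_a, net_a) in enumerate(parsed):
        for name_b, net_b in parsed[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


def subnet_for(host, subnets):
    """Return the name of the subnet where `host` is a usable address, else None."""
    addr = ipaddress.ip_address(host)
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and addr not in (net.network_address, net.broadcast_address):
            return name
    return None


POOL = "192.168.120.0/24"
# Split as first posted in the thread.
POSTED = {"WAN": "192.168.120.0/30", "LAN": "192.168.120.4/29"}
# Split as corrected in the reply; the names are labels chosen for this example.
CORRECTED = {"WAN": "192.168.120.0/30", "SPARE": "192.168.120.4/30",
             "LAN": "192.168.120.8/29"}

if __name__ == "__main__":
    for label, plan in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, check_plan(POOL, plan) or "consistent")
        print("  192.168.120.6 ->", subnet_for("192.168.120.6", plan))
```

In the corrected split, 192.168.120.6 falls in the second /30 rather than in 192.168.120.8/29.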
Hello,
Yes, I did the same as you mentioned, and the L3 firewall is also enabled and allow any any is set, but no effect. I'll be grateful if you share screenshots.