Meraki

Community

Public IP on MX incoming and outgoing

SAMTD
Just browsing
‎Sep 14 2020 3:10 AM
‎Sep 14 2020 3:10 AM

Public IP on MX incoming and outgoing

Dear Colleagues,

 

I've got a customer operating a watchguard FW, we are going to replace this one with a MX84 soon.

On the current FW config there is 2 set of public IPs configured on the WAN interface : 1 for the interface itself /30 and 4 as alias IPs /29..

 

example:

WAN interface mx ip: 10.1.1.2/30

public alias IP : 11.1.1.1/29

mx lan ip (vlan 10): 192.168.1.1/24

mail server ip: 192.168.1.1/24

 

Each IP is reachable from outside. My customer asks if it's possible  if they want to do NAT

for their email, which is currently running on watchguard outgoing using ip alias 11.1.1.1/29 and in incoming is using 11.1.1.2/29. For incoming/inbound yes we can do NAT 1:1 or 1:many. how about outgoing is there any other way i can configure for outgoing using alias ip 11.1.1.1 instead of outgoing using wan interface ip: 10.1.1.2/30?

 

Many thanks,

0 Kudos
4 Replies 4
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 14 2020 3:44 AM
‎Sep 14 2020 3:44 AM

The MX has a different concept for the usage of the additional IPs on the external interfaces. You do not configure any aliases, but the moment where a 1:1 NAT exists, this IP is also used for outgoing communication.

 

In the Firewall-section of the MX you need an 1:1 entry:

Public IP: 11.1.1.1

LAN IP: 192.168.1.1

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
SAMTD
Just browsing
‎Sep 14 2020 4:00 AM
‎Sep 14 2020 4:00 AM

Hi Karstenl,

 

If i configure both ip 1:Many NAT so inbound port forwoding is using 11.1.1.1 for SMTP and another ip 11.1.1.2 inbound 1:many NAT for pop3 and port forwarding to same server, is it means outgoing packet using ip 11.1.1.2 or 111.1.1.1?

 

thanks

0 Kudos
In response to SAMTD
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 14 2020 4:12 AM
‎Sep 14 2020 4:12 AM

Outgoing traffic is not controlled by these 1:Many rules. The outgoing traffic would still use the interface IP of the MX.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 14 2020 2:06 PM
‎Sep 14 2020 2:06 PM

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Configuring_1%3A1_NAT 

 

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX#... 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.