Public IPs on Local Devices

Solved
Zac123
Here to help


Hey all:

I'm planning to swap out an existing non-Meraki device with an MX95. Some of the devices behind the existing firewall have public IPs. The internal interface on the existing router has a public IP also, and that's how those devices get out to the internet. So they still go through the firewall, but they aren't NATed.

I'm trying to figure out how to make this work. I know that I can get Meraki support to enable a No NAT beta feature, but I'm hesitant to do so. Lots of the MX features are in beta, but this one is so beta that support has to enable it. That makes me nervous and not want to go that route.

Does anyone have an idea that doesn't involve the No NAT feature?

1 Accepted Solution
Ryan_Miles
Meraki Employee

You don't need the No NAT feature. In the 1:1 NAT, just enter the same IP in the Public and LAN boxes.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Zac123
Here to help

Thanks for the reply.

I didn't think of that. Have you done something like that before? I just assumed that the dashboard wouldn't let me configure a 1:1 rule like that.

Edit: I did some digging on this. The dashboard lets me configure the same address for the public and private IP. Also, I stumbled on a Reddit post where someone did this. My only issue now is that there isn't a way to filter traffic other than identifying which source addresses are allowed. For example, I can't filter out all traffic except a handful of TCP and/or UDP ports. Would it be better to use the 1:Many NAT instead and forward the specific ports that communication is allowed on?

Ryan_Miles
Meraki Employee

That is the recommended way and we have many customers using it.

Ryan

Ryan_Miles
Meraki Employee

If you click the Allow more connections link, you can enter lines for specific protocol, ports, and remote IPs to allow.

Ryan

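As an added example (not part of the thread, and not Meraki code), the script below audits a 1:1 NAT rule list for the concern raised above: inbound entries that allow every port, from either limited sources or the whole internet, with a note on whether the rule is an identity mapping (same public and LAN IP). The rule field names are an assumed JSON shape, and the sample rules and addresses are constructed.

```python
import ipaddress

# Constructed sample rules. Field names are an assumed JSON shape for 1:1 NAT
# rules; addresses come from the RFC 5737 documentation ranges.
SAMPLE_RULES = [
    {"name": "mail", "publicIp": "203.0.113.10", "lanIp": "203.0.113.10",
     "allowedInbound": [{"protocol": "tcp", "destinationPorts": ["25", "443"],
                         "allowedIps": ["any"]}]},
    {"name": "camera", "publicIp": "203.0.113.11", "lanIp": "203.0.113.11",
     "allowedInbound": [{"protocol": "any", "destinationPorts": ["any"],
                         "allowedIps": ["198.51.100.0/24"]}]},
    {"name": "legacy", "publicIp": "203.0.113.12", "lanIp": "203.0.113.12",
     "allowedInbound": [{"protocol": "any", "destinationPorts": ["any"],
                         "allowedIps": ["any"]}]},
    {"name": "web", "publicIp": "203.0.113.20", "lanIp": "192.168.1.20",
     "allowedInbound": [{"protocol": "tcp", "destinationPorts": ["1-65535"],
                         "allowedIps": ["0.0.0.0/0"]}]},
]

def any_source(ips):
    """True if the remote-IP list admits the whole internet."""
    return any(ip.lower() == "any"
               or ipaddress.ip_network(ip, strict=False).prefixlen == 0
               for ip in ips)

def all_ports(ports):
    """True if the port list is 'any' or a range spanning 1-65535."""
    for port in ports:
        lo, _, hi = port.partition("-")
        if port.lower() == "any" or (hi and int(lo) <= 1 and int(hi) >= 65535):
            return True
    return False

def audit(rules):
    """Return (rule name, is identity mapping, severity) for broad entries."""
    findings = []
    for rule in rules:
        identity = ipaddress.ip_address(rule["publicIp"]) == ipaddress.ip_address(rule["lanIp"])
        for entry in rule.get("allowedInbound", []):
            wide = (entry["protocol"] == "any"
                    or all_ports(entry.get("destinationPorts", [])))
            if wide:
                sev = "HIGH" if any_source(entry["allowedIps"]) else "MEDIUM"
                findings.append((rule["name"], identity, sev))
    return findings

if __name__ == "__main__":
    for name, identity, sev in audit(SAMPLE_RULES):
        print(f"{sev:6} {name:7} identity-mapped={identity}")
```

The "mail" rule is not flagged because it lists specific ports, which is the kind of restriction the Allow more connections entries make possible.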