Meraki

Community

Routing internal traffic out to a specific public IP - MX65

Solved
IanDonald
Conversationalist
‎Nov 19 2019 4:54 AM
‎Nov 19 2019 4:54 AM

Routing internal traffic out to a specific public IP - MX65

Hi All,

 

First time poster.

 

I have 2 ISPs. 

ISP1/WAN1 - 1 Public IP

ISP2/WAN2 - 5 Public IPs

 

Is it possible to route outgoing traffic using WAN2 with a specific public IP address?

 

Would like to separate guest wifi and exchange server traffic to use a specific public IP address on WAN2.

 

Thanks

Ian

0 Kudos
1 Accepted Solution
theshmike
Getting noticed
‎Nov 21 2019 1:04 PM
‎Nov 21 2019 1:04 PM

I had the same question a few months ago, and I've found out, that the MX cannot do that.

The MX always SNATs with the address of the uplink.

 

On Sophos gear, the feature is called "masking", but Meraki can only do incoming NAT with multiple addresses

 

No clue what the folks at Meraki thought by not implementing such an essential feature 😉

View solution in original post

5 Replies 5
nealgs
Building a reputation
‎Nov 19 2019 5:28 AM
‎Nov 19 2019 5:28 AM

check out this thread Ian

 

https://community.meraki.com/t5/Security-SD-WAN/Meraki-mx64-with-two-Internet-connections/td-p/22295

 

similar question on an MX64, but should apply the same

 

hope this is useful

In response to nealgs
IanDonald
Conversationalist
‎Nov 19 2019 5:43 AM
‎Nov 19 2019 5:43 AM

Thanks for the link nealgs 

 

I have managed to setup the second WAN/ISP fine. I have rules in place to route inbound traffic using the public IP addresses fine using 1:Many NAT. Just can’t find anywhere to allow me to direct outbound traffic with a specific public IP address.
Under SD-WAN & traffic shaping we can use Flow preferences to use a preferred uplink only (WAN 1 or WAN 2), not a public IP address.

0 Kudos
In response to IanDonald
jdsilva
Kind of a big deal
‎Nov 19 2019 7:00 AM
‎Nov 19 2019 7:00 AM

The 1:1 NAT is the only option. You can't, for example, SNAT an entire subnet to one IP outbound. 

http://blog.brokennetwork.ca | @jdsilva
theshmike
Getting noticed
‎Nov 21 2019 1:04 PM
‎Nov 21 2019 1:04 PM

I had the same question a few months ago, and I've found out, that the MX cannot do that.

The MX always SNATs with the address of the uplink.

 

On Sophos gear, the feature is called "masking", but Meraki can only do incoming NAT with multiple addresses

 

No clue what the folks at Meraki thought by not implementing such an essential feature 😉

In response to theshmike
IanDonald
Conversationalist
‎Nov 21 2019 1:52 PM
‎Nov 21 2019 1:52 PM

Thanks for the info. I have came to the same conclusion.

 

To me such a basic feature missing. 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.