Routing internal traffic out to a specific public IP - MX65

IanDonald
Conversationalist

Hi All,

 

First time poster.

 

I have 2 ISPs. 

ISP1/WAN1 - 1 Public IP

ISP2/WAN2 - 5 Public IPs

 

Is it possible to route outgoing traffic using WAN2 with a specific public IP address?

 

Would like to separate guest wifi and exchange server traffic to use a specific public IP address on WAN2.

 

Thanks

Ian

1 Accepted Solution
theshmike
Getting noticed

I had the same question a few months ago, and I've found out that the MX cannot do that.

The MX always SNATs with the address of the uplink.

 

On Sophos gear, the feature is called "masking", but Meraki can only do incoming NAT with multiple addresses.

 

No clue what the folks at Meraki thought by not implementing such an essential feature 😉

nealgs
Building a reputation

Check out this thread, Ian:

 

https://community.meraki.com/t5/Security-SD-WAN/Meraki-mx64-with-two-Internet-connections/td-p/22295

 

Similar question on an MX64, but it should apply the same.

 

Hope this is useful.

IanDonald
Conversationalist

Thanks for the link, nealgs.

 

I have managed to set up the second WAN/ISP fine. I have rules in place to route inbound traffic using the public IP addresses fine using 1:Many NAT. I just can't find anywhere that allows me to direct outbound traffic with a specific public IP address.
Under SD-WAN & traffic shaping we can use Flow preferences to use a preferred uplink only (WAN 1 or WAN 2), not a public IP address.

jdsilva
Kind of a big deal

The 1:1 NAT is the only option. You can't, for example, SNAT an entire subnet to one IP outbound. 

IanDonald
Conversationalist

Thanks for the info. I have come to the same conclusion.

 

To me, such a basic feature is missing.
