Meraki

Community

Secondary IP addresses on interfaces on MX devices?

Solved
NCITPro
Conversationalist
‎Jul 3 2019 6:19 AM
‎Jul 3 2019 6:19 AM

Secondary IP addresses on interfaces on MX devices?

Does anyone else have a need for secondary IP addresses on interfaces on MX devices?  I have seen customers that are trying to leverage MX to replace SMB firewall products and they need support for an additional /29 on the WAN interface to allow for additional 1:1 NAT configurations.  I feel like this is a shortfall but curious if others see it the same way. Also helps with migrations/re-ip addressing of subnets on internal interfaces at times.

 

[Mod comment: changing thread title to reflect thread contents!]

1 Accepted Solution
GreenMan
Meraki Employee
Meraki Employee
‎Jul 4 2019 10:05 AM
‎Jul 4 2019 10:05 AM

Agree with other commenters on this.   Have a look here:   https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

View solution in original post

5 Replies 5
jdsilva
Kind of a big deal
‎Jul 3 2019 6:53 PM
‎Jul 3 2019 6:53 PM

Hey @NCITPro. I'm a little confused by your statements. In my experience with firewalls 1:1 NAT and secondary IP addresses have no relationship. In every case I've ever worked on, the Meraki MX included, 1:1 NATs are more akin to a VIP as opposed to a secondary address. If you have a /29 for your WAN subnet you can configure 1:1 NAT on an MX for the unused addresses in that subnet. You can also configure 1:1 NAT for addresses in another subnet. 

 

 

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 4 2019 3:55 AM
‎Jul 4 2019 3:55 AM

I'd with @jdsilva - these are two seperate things.  You just get the extra /29 routed towards the MX and configure 1:1 NAT.  I've done it several times before and it works fine.

In response to PhilipDAth
NCITPro
Conversationalist
‎Jul 8 2019 6:27 AM
‎Jul 8 2019 6:27 AM

Thanks Philip. I have not had a chance to try it yet but in looking at how I would do it, I expected to need to be able to configure it on an interface somehow. I even stopped by the Meraki zone at CLUS the other week and asked. I was told to assign it to an interface, even if that interface was not in use but I cannot use those IPs in NAT if I did it on a non-WAN interface. I will certainly give this a shot when the addresses get assigned this week.
0 Kudos
In response to jdsilva
NCITPro
Conversationalist
‎Jul 8 2019 6:26 AM
‎Jul 8 2019 6:26 AM

Thanks.  I have not had a chance to try it yet but in looking at how I would do it, I expected to need to be able to configure it on an interface somehow.  I even stopped by the Meraki zone at CLUS the other week and asked.  I was told to assign it to an interface, even if that interface was not in use but I cannot use those IPs in NAT if I did it on a non-WAN interface.  I will certainly give this a shot when the addresses get assigned this week.

GreenMan
Meraki Employee
Meraki Employee
‎Jul 4 2019 10:05 AM
‎Jul 4 2019 10:05 AM

Agree with other commenters on this.   Have a look here:   https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.