I am using MX 84 appliance for my branch office connectivity and established site to site VPN with HO, We are trying to collect few operational details from branch end projector to HO server through SNMP. The problem is projector is not supporting routing.. It responds to any traffic from same IP segment but not from other ip segments. confirmed the same by enabling local L3 routing.
Can I do source NAT @branch MX 84 device to make sure the traffic hits projector from same IP segment.
@Mahadevan What is the projector model, it sounds like there is no default gateway set. Can you ping it from a remote subnet? I haven't seen an IP capable device where you cannot set a gateway for a long time but perhaps this is a very old device?
We are giving the gateway address at the projector end.. Please find the projector details
Make : Christie
Model : CP4325-RGB
Can you ping the projector from its own subnet?
Can you ping it from a different subnet?
Can you ping the projector from its own subnet?
Yes
Can you ping it from a different subnet?
Nope
I have followed all this basic tshooting and then only posted this query..
Did you follow the instructions below and did you choose manual, if so what do you have for the first 3 and what are the equivalent on your router/firewall/L3 switch?
1. Connect the Ethernet cable from the theater network to the Management port on the input
panel.
2. In the left navigation menu, tap Service Setup > Network Settings.
3. In the Port list, tap Management.
4. Enter the network settings:
• To obtain the network settings automatically, tap Automatic.
• To enter the settings manually, tap Manual and complete these fields:
Field Description
IP Address The IP address of the projector.
Subnet Mask The subnet mask to which the IP address belongs.
Gateway The IP address for the network gateway.
Primary DNS The IP address of the primary DNS server.
Secondary DNS The IP address of the secondary DNS server.
5. Tap Save.
@cmr Hi, As suggested by TAC upgraded the firmware to 15.7 Beta and Meraki product team enabled the feature in my console. Now I can enable source NAT at my local interface. Refer the attachments.
Due to the problematic device non availability we could not able to test the same. But how it works.. I have applied source NAT in my VLAN and my expectation is to NAT the traffic which is coming from other site VPN to my local LAN, Anyhow it can work opposite also . . It can NAT my LAN IP into MX interface IP and send it to other VPN sites.. If it works in the 2nd way i will not get solution. Any thoughts.
Hi,
is Source-NAT already officially released or a hidden/BETA feature? Unfortunately I could‘nt find some documentation about it?!
I'm also interested in this...did you ever receive an answer?
If it is not the default gateway perhaps the subnet mask is wrong. It is almost certainly one of those two.
To answer your orginal question, no you can not do SNAT.
@PhilipDAth Hi, As suggested by TAC upgraded the firmware to 15.7 Beta and Meraki product team enabled the feature in my console. Now I can enable source NAT at my local interface. Refer the attachments
Due to the problematic device non availability we could not able to test the same. But how it works.. I have applied source NAT in my VLAN and my expectation is to NAT the traffic which is coming from other site VPN to my local LAN, Anyhow it can work opposite also . . It can NAT my LAN IP into MX interface IP and send it to other VPN sites.. If it works in the 2nd way i will not get solution. Any thoughts.
As this is being referenced in cases currently, I'd like to clarify the following:
"Disable NAT per uplink" is known as No-NAT, and this is a beta feature that isn't fully supported yet, as it is still undergoing internal testing and improvements. We do not recommend beta features for production environments, however, if your deployment requires the use of this feature, we recommend testing in a lab environment first.
"Source NAT" is currently not a supported feature, and will not function as intended, as it is also undergoing internal stability and performance testing at this time. We cannot recommend the use of this feature currently.
Hello JosRus, what is the status of source nat now 6 months later?
The Source NAT feature is currently still considered Beta and under continued development. We have a lot of features being worked on and at times some need to take precedence over others.
As we aim to release features that are ready for implementation in your networks, source NAT is at the moment not recommended for production environments.
I'am still discussing with support about this topic and wondering why most other vendors have a "complete NAT solution" implemented in their solutions. I don't want to install a Sophos in an Meraki-ONLY environment because NAT is only implemented in basic manner.
unfortunately nothing seems to have happened yet. unfortunately i have another customer who needs internal nat (between VLANs) and i can't offer him MX now.
or does anyone else here have an idea?
Source NAT would be a super handy feature we could use. Hopefully it's still on the dev todo list.