Source NAT'ing Guest Networks

Getting noticed

Source NAT'ing Guest Networks

I'm curious what work arounds people are using to get around the source NAT'ing limitation of the Meraki firewalls?  We generally run two WAN connections with one primary and one for failover.  We have some resources in AWS that we would like to restrict with source IP address, and Meraki makes this difficult because the corporate and guest networks exit to the Internet with the same external IP address.  I know we can block certain destinations on the guest network with the layer 3 & 7 firewall rules, but it's becoming difficult to manage as our AWS infrastructure grows.  Is anyone using a link aggregator like a Peplink or something?  I'm guessing someone has found a solution for this.  Thanks.

Kind of a big deal
Kind of a big deal

VMX in AWS.  Clients connect over AutoVPN to AWS servers private IP addresses and don't go over the Internet.  Don't connect guest VLAN to AutoVPN.

I suppose that would solve some of my AWS issues, but I forgot to mention we also have some sites in CloudFlare as well so it's a little more complicated.  I love Meraki, but this little limitation is killing me.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.