Meraki

Community

Source NAT'ing Guest Networks

JohnT
Getting noticed
‎Jul 27 2021 5:14 PM
‎Jul 27 2021 5:14 PM

Source NAT'ing Guest Networks

I'm curious what work arounds people are using to get around the source NAT'ing limitation of the Meraki firewalls?  We generally run two WAN connections with one primary and one for failover.  We have some resources in AWS that we would like to restrict with source IP address, and Meraki makes this difficult because the corporate and guest networks exit to the Internet with the same external IP address.  I know we can block certain destinations on the guest network with the layer 3 & 7 firewall rules, but it's becoming difficult to manage as our AWS infrastructure grows.  Is anyone using a link aggregator like a Peplink or something?  I'm guessing someone has found a solution for this.  Thanks.

Labels:
0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 27 2021 7:29 PM
‎Jul 27 2021 7:29 PM

VMX in AWS.  Clients connect over AutoVPN to AWS servers private IP addresses and don't go over the Internet.  Don't connect guest VLAN to AutoVPN.

0 Kudos
In response to PhilipDAth
JohnT
Getting noticed
‎Jul 29 2021 2:07 PM
‎Jul 29 2021 2:07 PM

I suppose that would solve some of my AWS issues, but I forgot to mention we also have some sites in CloudFlare as well so it's a little more complicated.  I love Meraki, but this little limitation is killing me.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.