SourceNAT imitation MX

SOLVED
Toby
Getting noticed

SourceNAT imitation MX

Hello!

 

We have a customer which currently have an ASA source NAT traffic going into a VPN tunnel to an IP different than the WAN IP. They are migrating to MX and I know that MX don't do SNAT, but I think the same end result can be achieved using the following:

 

On the MX I will create a flow preference which points the interesting traffic to the secondary WAN interface on the MX, this interface will be configured with the IP address that the ASA previously used as the source NAT address.

 

I'm also concerned how much of an performance impact this configuration will have on the MX device.

 

If anyone can confirm this to work it would be great.

1 ACCEPTED SOLUTION
jdsilva
Kind of a big deal

This will work for Internet traffic, but not for VPN traffic. 


I haven't tested to see exactly how many would be needed, but you would need a very large amount to impact the performance in any meaningful way. 

View solution in original post

2 REPLIES 2
jdsilva
Kind of a big deal

This will work for Internet traffic, but not for VPN traffic. 


I haven't tested to see exactly how many would be needed, but you would need a very large amount to impact the performance in any meaningful way. 

Toby
Getting noticed

Okay, thanks for the answer!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels