I'm deploying a CUBE SBC hanging off our Meraki MX
What I've found so far is that we can do a 1:1 NAT with the MX, but it has not ALG to handle swapping out the external/internal SIP messages.
CUBE is a beast, and we can write SIP profiles to do this, but I don't really want to manually intervene like that.
I'm thinking at the moment, I may just give the CUBE a public IP (same network as outside MX interface) on an outside interface, and then give it an inside interface back into the MX on a DMZ.
That solution would work, but I would still rather have the CUBE behind the MX.I don't think I can route inbound traffic through the MX onto a DMZ without using NAT though?
I don't think I can route inbound traffic through the MX onto a DMZ without using NAT though? (I would still want to limit traffic with firewall rules from internet to CUBE)
This also just raises the question - can I have a DMZ running public IP's without NAT?
Has anyone else tackled this?
Am I missing anything?
* EDIT * Just checking to see if I can do a 1:1 NAT with the same Public and LAN IP - i.e. 22.214.171.124 to 126.96.36.199 to achieve the inbound routing?
Both 1:1 NAT or 1:Many NAT would be options here, depending on how many ports you need to map and whether you need to map connections initiated by CUBE to a specific public address as well. The cleanest way to implement this would be to use a private IP address with CUBE. Would that work, i.e. does CUBE let you configure rules based on public IP addresses while it has a private IP address configured.
It would definitely need to be a 1:1 bi-directional NAT, so CUBE uses same address outbound.
I can put SIP profiles onto CUBE that swap the public and private addressing, but it's not a clean option.
I have not had a chance to test yet. But I was wondering if we could create a DMZ with public IP's.
I was going to see if I could configure a NAT rule that basically uses the same IP as outside and inside.
I.e. Public ip 188.8.131.52 to Private ip 184.108.40.206
Then I was going to put that 220.127.116.11 in a DMZ.
It looked like it let me configure it, but I'm not sure if it will actually work yet.
Did the 1:1 Nat with private addresses work for you?
I am currently testing a couple MX's in our MPLS environment. So far it seems to be working well, I'm a little skeptical if it is the correct approach.