WAN range /29


WAN range /29

Hi All,


I have following situation: I have range of 8 public ip addresses (/29) routed to WAN1 public IP. Let's call them Public_IP_1 to Public_IP_8

On Internal network, I have 4 subnets (VLANs):


I'm trying to do following (like I have on current non-Meraki device):
all outgoing traffic from should be nat'd to Public_IP_3

all outgoing traffic from should be nat'd to Public_IP_4

all outgoing traffic from should be nat'd to Public_IP_5

all outgoing traffic from should be nat'd to Public_IP_6


outgoing traffic from SMTP server to anywhere to port 25 should be nat'd to Public_IP_7.


I checked on Traffic shaping page this where support point me to, but don't know how to do it.. If you have two different connections (ie. WAN1 and WAN2), it can be done, but I have range of 8 addresses, routed to WAN1 public IP, and WAN2 port is not in use.


I was looking on 1:1, 1:many, port forward.... can't do it...

I hope this can be done on such device (MX84) as it can be done on much cheaper devices


I hope I missed something to make it work as it is critical for company I work for.


Thank you all in advance.



Kind of a big deal
Kind of a big deal

Everything possible with Meraki MX regarding NAT is listed here: https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX


Guess you're out of luck here.

Kind of a big deal
Kind of a big deal

Meraki devices are easy to work with but they're not the most flexible.

Flexibility and features are inverse proportionate to ease of configuration and use.

You can easily achieve the tasks it supports but it's really hard to wigle it into positions it's not made for.


The supported features sofar are:
NAT your subnets to the interface IP address.
NAT one external IP (from a pool) to one internal IP
NAT external IP (from a pool) to a specific insde host and port.
Static NAT over VPN if you need NAT over VPN and only if you ask support.

You could make a wish.

The NAT feature I myself wish for is rather due to the depletion of IPv4 address space and that is to be able to NAT to an IP pool that is not related to your WAN uplink.  So you could have private address space in uplink and a full /29 as a NAT subnet that is routed towards your uplink IP or vIP.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.