Meraki

Community

support many-to-one NAT (PAT or NAT overload) functionality.

Zubair-A
Conversationalist
a month ago
a month ago

support many-to-one NAT (PAT or NAT overload) functionality.

We are requesting Meraki’s assistance in developing an important security feature to support many-to-one NAT (PAT or NAT overload) functionality. Specifically, we need the ability to translate traffic from a source network (such as our Guest network) to a public IP address provided by our ISP.

 

This capability would allow us to logically separate guest traffic from production traffic, ensuring that only production traffic—already whitelisted by our vendors—remains trusted. Since our vendors do not wish to whitelist guest network traffic, implementing this feature is critical for maintaining both security and network integrity.

4 Replies 4
alemabrahao
Kind of a big deal
Kind of a big deal
a month ago
a month ago

You can also give them your feedback.

 

https://documentation.meraki.com/General_Administration/Other_Topics/Give_your_feedback_(previously_...)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal
Kind of a big deal
a month ago
a month ago

Not what you asking for. But,

 

You could send guest traffic to a concentrator and break out there. 

Or send just vendor specific traffic to a one armed concentrator and break out there

0 Kudos
In response to ww
Zubair-A
Conversationalist
a month ago
a month ago

Thanks for the feedback. We want to avoid saturating the WAN circuits. The design aims to break out guest and certain trusted partners, like O365, traffic locally.

The challenge arises when both types of traffic leave the local site: their source IPs appear the same. When partners whitelist these IPs, not only the trusted traffic is allowed, but guest traffic is inadvertently included as well.

Currently, 1-to-1 NAT is possible, but our goal is Many-to-1 NAT. This would allow us to assign a separate public source IP to guest traffic, ensuring proper segregation and correct whitelisting.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
a month ago
a month ago

This would be nice.

 

Not the fix that you want, but for customers where this is important, I used a second consumer-grade Internet circuit on WAN2.  Then create an Internet flow preference for the guest subnet to prefer WAN2.

 

It is usually quite a cheap solution as well.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.