vMX - NAT mode and DHCP

thomasthomsen
Getting noticed

vMX - NAT mode and DHCP

So reading in the vMX Setup guide I see NAT mode.

What is this, in relation to NAT mode on a normal MX ?

Is it only for NAT'ing over the VPN ?

 

The second question I have, how do I change the MX from Onearmed to NAT ?

The Setup guide says this is possible, with a restart, it just omits how.

 

Regarding DHCP.

If in NAT mode, can I then have a DHCP server running for subsites on this thing ?

Like if I wanted a central DHCP server (in Azure), I know this is not, in any way optimal, or probably advised, but I really want to know 🙂

 

Thanks 🙂

/Thomas

11 REPLIES 11
UCcert
Kind of a big deal

Re: vMX - NAT mode and DHCP

Hi @thomasthomsen 

 

NAT mode will translate your internal address space and present the source/Public IP to the internet.

 

To change from one-armed concentrator to NAT go to Security & SD-WAN > Configure > Addressing & VLAN's

 

Select Routed Mode

 

UCcert_0-1623422190664.png

 

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
thomasthomsen
Getting noticed

Re: vMX - NAT mode and DHCP

Yes yes ... that works all very well and fine on a normal MX.

But a vMX ?

Not so much it appears.

As you can see, there is no Addressing & VLANs page.

thomasthomsen_0-1623424447505.png

 

So either my vMX has a bug, or this is why its not specified in the documentation 🙂

 

Inderdeep
Kind of a big deal

Re: vMX - NAT mode and DHCP

@thomasthomsen : hope you all covered this 

Inderdeep_0-1623424842575.png

 

Regards
Inderdeep Singh
www.thenetworkdna.com ( Awarded by Cisco IT Blogs award 2020)
thomasthomsen
Getting noticed

Re: vMX - NAT mode and DHCP

I started here : https://documentation.meraki.com/MX/MX_Installation_Guides/vMX_Setup_Guide_for_Microsoft_Azure

 

From this document:

Concentrator Mode 

All MXs can be configured in either NAT or VPN concentrator mode. There are important considerations for both modes. If needed, refer to the article on concentrator modes for more detailed information.

One-Armed Concentrator 

In this mode, the MX is configured with a single Ethernet connection to the upstream network. All traffic will be sent and received on this interface. This is the only supported configuration for MX appliances serving as VPN termination points into Azure Cloud.

NAT Mode Concentrator 

In this mode, the MX is configured with a single Ethernet connection to the upstream network and one Ethernet connection to the downstream network. VPN traffic is received and sent on the WAN interfaces connecting the MX to the upstream network and the decrypted, unencapsulated traffic is sent and received on the LAN interface that connects the MX to the downstream network. 

 

Note: A limited NAT mode capability can be enabled on the vMX in which traffic from the spokes will be NATed to the vMX's IP as it egresses the vMX in to your datacenter.  Other capabilities of the NAT mode including DHCP, HA or multiple ports (LAN and WAN) are not supported.  In each mode the vMX is still a one-armed appliance with one network interface

 

If you wish to change the concentrator mode after the vMX deployment, you must restart the instance for the changes to be applied. Please choose the desired concentrator mode before the vMX deployment.

 

The document does not tell how you change this mode. - It just says you have to restart the instance ?

So will it magically just change mode if I restart it ? - I highly doubt that 🙂

UCcert
Kind of a big deal

Re: vMX - NAT mode and DHCP

sorry @thomasthomsen - I didn't see the vmx element!

 

That sentence sums it up "In each mode the vMX is still a one-armed appliance with one network interface".  I only ever run these in concentrator mode.

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
thomasthomsen
Getting noticed

Re: vMX - NAT mode and DHCP

No problem, but I really wanted to test out the "other mode".

Because I want to know what it does, and what extra things I can get out of it.

But the problem is that there does not seem to be a way to convert it (even though the documentation says so).

rbnielsen
Head in the Cloud

Re: vMX - NAT mode and DHCP

What happens if you create the network as an appliance only, configure NAT mode, and then add the vMX?

 

Or maybe use a template?

rbnielsen
Head in the Cloud

Re: vMX - NAT mode and DHCP

I might imagine this is a Support Enabled operation as well though..
PhilipDAth
Kind of a big deal

Re: vMX - NAT mode and DHCP

I think this might be the critical bit.

 

"Please choose the desired concentrator mode before the vMX deployment."

thomasthomsen
Getting noticed

Re: vMX - NAT mode and DHCP

Yeah but why do they also write this then.

 

"If you wish to change the concentrator mode after the vMX deployment, you must restart the instance for the changes to be applied."

 

Lets just say: "Instructions unclear ....."

thomasthomsen
Getting noticed

Re: vMX - NAT mode and DHCP

My thoughts as well (at this point), but the instructions are not good, can we all agree on that ? 🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.