We have an interesting setup with one of our ISP connections. Comcast has provided a /27 to our network using what they call an Ethernet Dedicated Internet Circuit (EDI), where they provide their customers with a non-routable /30 (WAN) network and a publicly routable /27 LAN network. In order to use the /27, the customer needs to provide a router to route the traffic. Our environment is set up with an HA Firewall, an IPS/IDS, and multiple other edge devices, so we cannot use our Firewalls to route this traffic. In order to facilitate this, we are using an MX100 as our "edge ISP" router.

I worked with Meraki support and they stated that because the MX100 is performing NATs on all traffic to the /30, the Comcast router/modem isn't actually seeing the traffic coming from the /27, so the traffic drops. Per support's request, I set up my MX100 as follows:

- Set up Internet Port 1 with the WAN /30 IP address.
- Set up a VLAN on the MX100 that is a private network. In this example, we used 10.0.0.0/24.
- Assign our downstream devices to the private network VLAN.
- Set up a 1:1 NAT on the MX100 that allows the private IP address to the public /27.

Doing this was successful! However, this is an issue because I have to reassign all of my downstream devices with private IP addresses. As a workaround, I set my "private network" VLAN on the MX100 to what the /27 network is, and my 1:1 NAT is set so the Public IP and LAN IP are the same. This too is working successfully, but I'd like to know if the 1:1 NAT to itself is going to cause any issues, if this has ever been done, and if anyone has any suggestions.