Does Cisko Meraki supports source Nat from inside to outside?

samoa683 · ‎07-27-2023

We are building a B2B ipsec vpn tunnel with a customer who are using cisco meraki as their vpn device. In the past I remember that we had issues with meraki regarding NAT. What we need, is for customer source nat their internal ip's (ex. 192.168.1.0/24) to one single ip, (ex. 10.10.10.1), before the packets enter the tunnel. Is this possible on meraki, and if not, what are our options?

Speed Test https://vidmate.bid/

Flavio Miranda · ‎07-27-2023

Hi @samoa683

When we say Meraki we are referring to a whole product line. But yes, Meraki (MX) will support all kinds of NAT as you can see here

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

natasham6900 · ‎07-27-2023

Since you mentioned that you want the customer to perform the NAT before the packets enter the tunnel, the customer can configure Source NAT (SNAT) on their internal network to translate their internal IP addresses (e.g., 192.168.1.0/24) to a single IP address (e.g., 10.10.10.1) before sending traffic over the IPsec VPN tunnel. This NAT configuration would be done on the customer's side, independent of the Meraki device.

kapplejacks · ‎03-25-2024

Cisco MX appliances do not support NAT from the dashboard and also as a backend settings change.

The Source NAT feature (allow you to change an internal IP to a new external for lets say private to private IP communication) is now unavailble to be enabled even from the support end. They said when its enabled it causes various performance stability issues and the NAT itself often would not work as intented. For this reason Source NAT is not possible and the MX can only NAT outside to inside, other than the WAN PAT outbound.

Please submit a feature request in Meraki so we can have more robust firewall options!