NAT Rule Broken with Load Balancing Enabled

Load Balancing on an MX Security Appliance is designed to round-robin connections between both WAN uplinks, thereby balancing traffic load between the two. NAT rules, meanwhile, are intended to map a certain public IP to one or more internal IPs, so traffic to/from the internal device(s) will always use that public IP.

When the two features are used together, load balancing can send outbound traffic out of either uplink, even if there is a NAT rule in place. This can cause issues when sending traffic from an internal IP referenced in a NAT rule.

The following instructions explain how to use Uplink Preferences to ensure that 1:1 NAT or 1:Many NAT traffic uses the appropriate interface:

  1. Navigate to Configure > Traffic shaping.
  2. Under Uplink preferences, select Add a preference.
  3. Configure the preference as in this example: the Local IP range of 192.168.128.252/32 is the internal device referenced in a 1:1 NAT rule, and the Preferred uplink is the one using the public IP referenced in the same rule.

  4. Click Save changes.

Note: Additional uplink preferences will need to be configured for each NAT rule. For a 1:Many NAT rule, each internal device will need to be included in an uplink preference. To simplify the list of uplink preferences, a subnet can be specified for Local IP range instead of a single device.
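One way to check an existing configuration against the note above, as an added example that is not Meraki code: it lists every internal IP in a NAT rule that has no uplink preference, or whose preference points to a different uplink than the rule's public IP. The record layout, rule names and all addresses other than 192.168.128.252/32 are constructed for illustration, and evaluating preferences in list order with the first match winning is an assumption.

```python
import ipaddress

# Constructed sample data; this layout is an assumption for the example,
# not a dashboard export format.
NAT_RULES = [
    {"name": "mail 1:1", "uplink": "WAN 1", "lan_ips": ["192.168.128.252"]},
    {"name": "web 1:Many", "uplink": "WAN 2",
     "lan_ips": ["192.168.128.10", "192.168.128.11"]},
    {"name": "cam 1:1", "uplink": "WAN 2", "lan_ips": ["192.168.129.5"]},
]
UPLINK_PREFS = [
    {"local_range": "192.168.128.252/32", "preferred_uplink": "WAN 1"},
    {"local_range": "192.168.128.0/28", "preferred_uplink": "WAN 1"},
]


def matching_pref(ip, prefs):
    """Return the first preference whose Local IP range contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for pref in prefs:
        # Assumption: preferences are evaluated in list order, first match wins.
        if addr in ipaddress.ip_network(pref["local_range"], strict=False):
            return pref
    return None


def audit(nat_rules, prefs):
    """List (rule, lan_ip, problem) for NAT hosts load balancing can still move."""
    findings = []
    for rule in nat_rules:
        for ip in rule["lan_ips"]:
            pref = matching_pref(ip, prefs)
            if pref is None:
                findings.append((rule["name"], ip, "no uplink preference"))
            elif pref["preferred_uplink"] != rule["uplink"]:
                findings.append((rule["name"], ip,
                                 "preference points to " + pref["preferred_uplink"]))
    return findings


if __name__ == "__main__":
    for name, ip, problem in audit(NAT_RULES, UPLINK_PREFS):
        print(f"{name}: {ip}: {problem}")
```

The second sample preference shows the risk of the subnet shortcut: a range wide enough to cover hosts from a different NAT rule pins them to the wrong uplink.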

Last modified
08:50, 5 Oct 2015

Article ID

ID: 1397
