
Port Forwarding and NAT Rules on the MX


Servers behind a firewall often need to be accessible from the Internet. You can accomplish this by implementing Port Forwarding, 1:1 NAT (Network Address Translation), or 1:Many NAT on the MX Security Appliance. This article discusses when it is appropriate to configure each one and their limitations.

Port Forwarding

Port forwarding takes specific TCP or UDP ports destined to an Internet interface of the MX Security Appliance and forwards them to specific internal IPs.  This is best for users that do not own a pool of public IP addresses.  This feature can forward different ports to different internal IP addresses, allowing multiple servers to be accessible from the same public IP address.  



 

Please note that it is not possible to forward a single TCP or UDP port to multiple LAN devices.

 

1:1 NAT

1:1 NAT is for users with multiple public IP addresses available for use and for networks with multiple servers behind a firewall, such as two web servers and two mail servers. A 1:1 NAT mapping can only be configured with IP addresses that do not belong to the MX Security Appliance. It can also translate public IP addresses in different subnets than the WAN interface address if the ISP routes traffic for the subnet towards the MX interface. Each translation added is a one-to-one rule, which means traffic destined to the public IP address can only go to one internal IP address. Within each translation, a user can specify which ports will be forwarded to the internal IP.


1:Many NAT

A 1:Many NAT configuration allows an MX to forward traffic from a configured public IP to internal servers. However, unlike a 1:1 NAT rule, 1:Many NAT allows a single public IP to translate to multiple internal IPs, on different ports. For each 1:Many IP definition, a single public IP must be specified, then multiple port forwarding rules can be configured to forward traffic to different devices on the LAN on a per-port basis. As with 1:1 NAT, a 1:Many NAT definition cannot use an IP address that belongs to the MX.
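The constraints stated in the three sections above can be checked against a planned rule set before it is entered. The following is an added example, not Meraki code: the tuple layout, the `check_rules` function and the sample addresses are assumptions made for illustration and do not reflect the Dashboard's own schema or API.

```python
# Added example: hypothetical rule model, not the Meraki Dashboard API or schema.
from collections import defaultdict
from ipaddress import ip_address

def check_rules(mx_wan_ips, port_forwards, one_to_one, one_to_many):
    """Return violations of the constraints this article states.

    port_forwards: [(proto, public_port, lan_ip)]  on the MX's own Internet IP
    one_to_one:    [(public_ip, lan_ip, [(proto, port), ...])]
    one_to_many:   [(public_ip, [(proto, public_port, lan_ip), ...])]
    """
    problems = []
    mx_ips = {ip_address(i) for i in mx_wan_ips}
    listeners = defaultdict(set)   # (public side, proto, port) -> LAN targets
    for proto, port, lan in port_forwards:
        listeners[("WAN", proto, port)].add(lan)
    mapped = {}                    # 1:1 public IP -> its single internal IP
    for pub, lan, ports in one_to_one:
        if ip_address(pub) in mx_ips:
            problems.append(f"1:1 NAT {pub}: address belongs to the MX")
        if mapped.setdefault(pub, lan) != lan:
            problems.append(f"1:1 NAT {pub}: maps to {mapped[pub]} and {lan}")
        for proto, port in ports:
            listeners[(pub, proto, port)].add(lan)
    for pub, forwards in one_to_many:
        if ip_address(pub) in mx_ips:
            problems.append(f"1:Many NAT {pub}: address belongs to the MX")
        for proto, port, lan in forwards:
            listeners[(pub, proto, port)].add(lan)
    # A single TCP or UDP port cannot be forwarded to multiple LAN devices.
    for (pub, proto, port), lans in sorted(listeners.items()):
        if len(lans) > 1:
            problems.append(f"{pub} {proto}/{port}: forwarded to {sorted(lans)}")
    return problems

# Constructed sample plan (documentation and private address ranges).
MX_WAN = ["203.0.113.2"]
PORT_FORWARDS = [("tcp", 443, "192.168.1.10"), ("tcp", 25, "192.168.1.20"),
                 ("tcp", 443, "192.168.1.11")]           # 443 used twice
ONE_TO_ONE = [("203.0.113.10", "192.168.1.30", [("tcp", 80)]),
              ("203.0.113.2", "192.168.1.31", [("tcp", 80)])]   # MX's own IP
ONE_TO_MANY = [("203.0.113.20", [("tcp", 80, "192.168.1.40"),
                                 ("tcp", 8080, "192.168.1.41")])]

if __name__ == "__main__":
    for p in check_rules(MX_WAN, PORT_FORWARDS, ONE_TO_ONE, ONE_TO_MANY):
        print(p)
```

Every entry that passes the check is still an inbound path from the Internet to a LAN host, so the resulting listener list doubles as an inventory of exposed services to review.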

Troubleshooting

For information on troubleshooting issues with Port Forwarding and NAT Rules, please refer to this article.

Last modified
15:39, 15 Sep 2017
