In January, Meraki introduced the industry’s first cloud-managed routers, the MX series. We’ve been selling the MX50 and MX70 directly to end customers, and the feedback we’ve received has been quite positive and enthusiastic. We shared some of that feedback in the blog post about the new router webinar.

Now available through your favorite reseller

Today we’re happy to announce that the MX50 and MX70 cloud-managed routers are available through our channel and for sale through your favorite reseller, starting April 1. We now have over 700 resellers, and this means you can purchase the MX routers through the same trusted partners that also carry our wireless access points. The MX50 Cloud Manager Router lists starting at $995.

New 1:1 NAT and DMZ

That’s not all. Our team continues to work hard on enhancing the MX and integrating even more useful tools. We’re now adding 1:1 network address translation (NAT) and demilitarized zone (DMZ) capabilities.

1:1 NAT is a form of NAT that assigns one public IP address to one private IP address. 1:1 NAT/DMZ is useful when exposing a group of internal servers to the outside world while still protecting the corporate network. For example, web servers need to be exposed to the outside world so that users can establish inbound connections, but this should not compromise the security of the internal corporate network. Using 1:1 NAT, the web server can be placed in a DMZ such that external users can access it (and only the web server), internal users can access it, but external users cannot access the internal network.

Configuration in dashboard is very easy. Simply enter the external and internal IP addresses as shown in the example below.

Figure 1: 1:1 NAT configuration in dashboard

The MX routers can also connect two sites over a secure site-to-site VPN connection. Suppose a user at one location is assigned an internal IP address. The routers automatically discover and configure the appropriate routing entries that establish the link between sites, traversing NAT and firewalls as necessary. Figure 2 shows an example configuration between several sites in northern and southern California.

Figure 2: Site-to-site VPN configuration in dashboard

Punching through

When deploying the MX routers for site-to-site VPN, you don’t need to worry about the link between each site. The MX automatically punches through to the other side to establish a secure and persistent link. The VPN connection is established using IPsec with 128-bit AES for encryption, a secure standard commonly used for VPN. This also means you can deploy the MX router behind an existing 3rd-party firewall or router. The whole process is zero-config. You don’t need to manually provision the MX or supply entries to a routing table – the MX works through the cloud to discover the correct routes and automatically establish the secure layer 3 site-to-site VPN.

We’re not stopping here, either. Keep an eye out for more router enhancements coming soon. If you want to get your hands on an MX router, you can sign up for a free trial online, or call us at 1-888-490-0918 (outside the US: +1 415 632 5800).

If you’re a reseller and are interested in learning more about how the MX can help your customers, we’re running a training webinar exclusively for resellers on Thursday, April 14, at 11:00 AM Pacific time.

Thanks!