The Cisco Meraki MX security appliance already provides both 1-to-1 NAT as well as port forwarding, however there are standard limitations:
- Port forwarding had to use a single public IP: that of the MX’s WAN interface
- 1-to-1 NAT could only map one public IP to one private IP; there was no way to port forward to multiple private addresses
With 1:many NAT, you can redirect traffic on a public port to any private IP address and port using port translation, and you aren’t restricted to using the MX’s public WAN interface (you can configure as many public IP addresses as your organization owns). This allows significantly greater flexibility for organizations who have one, two, or a handful of public IP addresses and that want to publicly host several services from different private servers, listening on unique internal ports.
To configure 1:many NAT, navigate to the Configure > Firewall page in the Meraki dashboard. Under “Forwarding Rules” select the WAN uplink being used to service the traffic being NAT-ed, and then add a 1:many IP rule. Type in the public IP addresses to use, then map these to private IP addresses (and different ports, if desired).
Configuring 1:many NAT: map a single public IP listening on several ports to multiple internal servers.
To recap: 1:many NAT is a useful tool for flexible addressing when hosting publicly-accessible services. Check for this feature in August, when we expect to roll out our summer feature release.