top of page
  • Writer's pictureAjit

How Cisco Meraki MX "1:Many NAT" works?

Updated: Jan 13, 2022

Traffic from the outside that matches a 1:Many NAT rule will be forwarded to the internal host just like a port forward. Return traffic for that flow will be mapped back to the "Public IP" of the 1:Many NAT rule. That said, flows originating from the LAN side of the MX will never be mapped to the "Public IP" of a 1:Many NAT rule regardless of the rules criteria. LAN initiated flows will always be mapped to the WAN/VIP unless the host is on a 1:1 NAT mapping.

Consider the following:

Host A <--WAN--> MX100 <-LAN--> Host B


MX 1:Many Public

If the MX has a 1:Many NAT rule that forwards TCP port 22 received on to Host B on port 22, an SSH session from outside to would flow through to Host B as expected and return traffic for said session would be mapped to on the outbound.

That said, if host B went to SSH into Host A, that flow would be NATed like any other flow and come from from the perspective of Host A.


Recent Posts

See All


bottom of page