One-to-One NAT Rules Configuration
Dashboard Location: Security and SD-WAN > Configure > Firewall > Forwarding rules
Direct IP Address Mapping
Section titled “Direct IP Address Mapping”One-to-one NAT rules configuration in Meraki appliances provides direct mapping between public and private IP addresses, enabling complete bidirectional communication for specific hosts or services. This functionality creates a transparent network address translation where a dedicated public IP address is permanently associated with an internal IP address, allowing external clients to access internal resources as if they were directly connected to the internet. One-to-one NAT is essential for hosting services that require consistent external IP addresses, supporting legacy applications that embed IP addresses, and providing simplified external access to internal systems while maintaining granular access control through port and protocol restrictions.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”firewall (meraki.domains.organizations.networks.appliance)
Section titled “firewall (meraki.domains.organizations.networks.appliance)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| one_to_one_nat_rules | List | [one_to_one_nat_rules] | No |
one_to_one_nat_rules (meraki.domains.organizations.networks.appliance.firewall)
Section titled “one_to_one_nat_rules (meraki.domains.organizations.networks.appliance.firewall)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 127 | No | |
| public_ip | IP | No | ||
| lan_ip | IP | Yes | ||
| uplink | String | Regex: ^internet\d+$ | No | |
| allowed_inbound | List | [allowed_inbound] | No |
allowed_inbound (meraki.domains.organizations.networks.appliance.firewall.one_to_one_nat_rules)
Section titled “allowed_inbound (meraki.domains.organizations.networks.appliance.firewall.one_to_one_nat_rules)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | any, icmp-ping, tcp, udp | No | |
| destination_ports | List | Any[Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3 | [1-5][0-9]4 | 6[0-4][0-9]3 |
| allowed_ips | List | Any[IP or String[matches: [Aa]ny]] | No |
Examples
Section titled “Examples”Example-1: The example below demonstrates one-to-one NAT rules configuration using tested YAML configuration from pipeline fixtures.
meraki: domains: - name: "!env domain" administrator: name: "!env org_admin" organizations: - name: "!env org" networks: - name: "!env network_name" product_types: - appliance - switch - wireless - camera - sensor - cellularGateway appliance: firewall: one_to_one_nat_rules: - name: "NAT 1" public_ip: "203.0.113.2" lan_ip: "192.168.128.200" uplink: internet1 allowed_inbound: - protocol: tcp destination_ports: - 443 allowed_ips: - "10.82.112.0/24" - "10.82.0.0/16" - name: "NAT 2" public_ip: "203.0.113.3" lan_ip: "192.168.128.201" uplink: internet1 allowed_inbound: - protocol: tcp destination_ports: - "3306" - "5432" allowed_ips: - "!env trusted_db_clients"