Client VPN when my MX100 has a private IP

Schiller
Here to help

Good morning/afternoon all, 

How do I establish a client VPN into my MX100 if my site location has a public IP address while my MX WAN port has a private IP?

alemabrahao
Kind of a big deal

If you have access to the ISP's router, you can try to create a NAT for port 500, but I've personally tested it and it didn't work.

So what I can say is that it probably won't work.

My suggestion is that you hire a dedicated link.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Schiller
Here to help

Thank you, @alemabrahao. I also tried it and it didn't work.

alemabrahao
Kind of a big deal

So it's not possible. You need a public IP on the MX.

Schiller
Here to help

Yes, it looks like I have no choice.

Thank you for your time, @alemabrahao.

thaack
Getting noticed

If you are using IPsec, can you use the hostname in the Client VPN settings?

Schiller
Here to help

Thank you, @thaack. I tried it and it didn't work.

thaack
Getting noticed

Can you set up IP Passthrough on the ISP's router?
Schiller
Here to help

No, I can't.

thaack
Getting noticed

I'd reach out to your ISP to see what options you may have. Outside of @alemabrahao's 1:1 NAT solution, I can't think of anything else off the top of my head.

Schiller
Here to help

I appreciate your help. I emailed the ISP about other options.

Brash
Kind of a big deal

This should be doable if you port forward ports 500 and 4500 through your ISP's NAT.

"If your MX is behind a NAT device (for example, an upstream router or ISP modem), the MX uplink IP might have a private IP in the 172.16.X.X or 192.168.X.X or 10.X.X.X subnet range. Ensure UDP traffic on ports 500 and 4500 is being forwarded to the private uplink IP address of the MX."


https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

alemabrahao
Kind of a big deal

I tried this way a lot of times, and it has never worked.
