Meraki

Community

Client VPN when my MX100 has an private IP

Schiller
Getting noticed
‎Jun 2 2023 7:44 AM
‎Jun 2 2023 7:44 AM

Client VPN when my MX100 has an private IP

Good morning/afternoon all, 

How do I establish a client VPN into my MX100 if my site location has a public IP address while my MX WAN port has a private IP?

0 Kudos
12 Replies 12
alemabrahao
Kind of a big deal
‎Jun 2 2023 7:51 AM
‎Jun 2 2023 7:51 AM

If you have access to the ISP's router, you can try to create a NAT for port 500, but I've personally tested it and it didn't work.

 

So what I can say is that it probably won't work.

 

My suggestion is that you hire a dedicated link.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Schiller
Getting noticed
‎Jun 2 2023 7:58 AM
‎Jun 2 2023 7:58 AM

Thank you @alemabrahao I also tried it and it didn't work. 

0 Kudos
In response to Schiller
alemabrahao
Kind of a big deal
‎Jun 2 2023 8:02 AM
‎Jun 2 2023 8:02 AM

So it's not possible. You need a public IP on the MX.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
Schiller
Getting noticed
‎Jun 2 2023 8:26 AM
‎Jun 2 2023 8:26 AM

Yes, It looks like I have no choice

Thank you for time @alemabrahao 

0 Kudos
thaack
Getting noticed
‎Jun 2 2023 7:56 AM
‎Jun 2 2023 7:56 AM

If you are using IPsec, can you use the hostname in the Client VPN settings?

In response to thaack
Schiller
Getting noticed
‎Jun 2 2023 8:01 AM
‎Jun 2 2023 8:01 AM

Thank you @thaack I tried it and it didn't work. 

0 Kudos
In response to Schiller
thaack
Getting noticed
‎Jun 2 2023 8:06 AM
‎Jun 2 2023 8:06 AM

Can you setup IP Passthrough on the ISP's router?
0 Kudos
In response to thaack
Schiller
Getting noticed
‎Jun 2 2023 8:21 AM
‎Jun 2 2023 8:21 AM

No, I can't.

0 Kudos
In response to Schiller
thaack
Getting noticed
‎Jun 2 2023 8:31 AM
‎Jun 2 2023 8:31 AM

I'd reach out to your ISP to see what options you may have. Outside of @alemabrahao 1:1 NAT solution I can't think of anything else off the top of my head.

In response to thaack
Schiller
Getting noticed
‎Jun 2 2023 10:17 AM
‎Jun 2 2023 10:17 AM

I appreciate your help. I emailed the ISP about other options. 

Brash
Kind of a big deal
Kind of a big deal
‎Jun 2 2023 1:20 PM
‎Jun 2 2023 1:20 PM

This should be doable if your port forward ports 500 and 4500 through your ISP's NAT

 

"If your MX is behind a NAT device (for example, an upstream router or ISP modem), the MX uplink If your MX is behind a NAT device (for example, an upstream router or ISP modem), the MX uplink IP might have a private IP in the 172.16.X.X or 192.168.X.X or 10.X.X.X subnet range. Ensure UDP traffic on ports 500 and 4500 is being forwarded to the private uplink IP address of the MX."

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

0 Kudos
In response to Brash
alemabrahao
Kind of a big deal
‎Jun 2 2023 1:30 PM
‎Jun 2 2023 1:30 PM

I tried this way a lot of the times, and it have never worked.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.