1:1 NAT on non-Meraki VPN

Cyrus777

Hello All,

I am setting up an IPsec VPN peer on a Meraki Site-to-Site VPN with a non-Meraki third-party firewall. They require us to use a 172.x.x.x subnet as our private network, and I need to translate our internal 10.x.x.x IPs over the VPN tunnel. Since Meraki does not support 1:1 NAT on IPsec to translate specific IPs for communication with the external party, what options do we have to accommodate this requirement without disrupting communication on our organization’s existing subnet?

alemabrahao

You can have a Linux system with StrongSwan and establish a tunnel with those servers.

With Meraki, you don't have many options when it comes to non-Meraki VPNs.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
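
Added example, not part of the reply above: a sketch of the 1:1 (prefix-for-prefix) translation a Linux gateway running strongSwan could perform with netfilter NETMAP rules, so that the tunnel's local traffic selector is the translated range. The subnets 10.1.1.0/24, 172.16.1.0/24 and 192.168.50.0/24 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

def _checked(inside, outside, peer=None):
    """Parse the subnets and reject layouts that cannot be mapped 1:1."""
    inside = ipaddress.ip_network(inside)
    outside = ipaddress.ip_network(outside)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if inside.overlaps(outside):
        raise ValueError("translated range overlaps the internal subnet")
    if peer is not None:
        peer = ipaddress.ip_network(peer)
        if peer.overlaps(inside) or peer.overlaps(outside):
            raise ValueError("peer subnet overlaps a local range")
    return inside, outside, peer

def translate(addr, inside, outside):
    """Return the address the peer sees for one internal host (host bits kept)."""
    inside, outside, _ = _checked(inside, outside)
    ip = ipaddress.ip_address(addr)
    if ip not in inside:
        raise ValueError(f"{ip} is not in {inside}")
    offset = int(ip) - int(inside.network_address)
    return str(outside.network_address + offset)

def netmap_rules(inside, outside, peer):
    """Build the two iptables NETMAP rules for the gateway.

    Outbound packets are source-translated in POSTROUTING before the IPsec
    policy lookup, so the tunnel's local selector must be `outside`.
    Decapsulated inbound packets pass PREROUTING, where the destination is
    mapped back to the real internal address.
    """
    inside, outside, peer = _checked(inside, outside, peer)
    return [
        f"iptables -t nat -A POSTROUTING -s {inside} -d {peer} "
        f"-j NETMAP --to {outside}",
        f"iptables -t nat -A PREROUTING -s {peer} -d {outside} "
        f"-j NETMAP --to {inside}",
    ]

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    INSIDE, OUTSIDE, PEER = "10.1.1.0/24", "172.16.1.0/24", "192.168.50.0/24"
    print("10.1.1.25 appears to the peer as", translate("10.1.1.25", INSIDE, OUTSIDE))
    for rule in netmap_rules(INSIDE, OUTSIDE, PEER):
        print(rule)
```

Because the rules only match traffic to or from the peer subnet, hosts keep their 10.x addresses for all other communication.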
PhilipDAth

Ask them to perform the subnet NAT translation on their end.
