1:1 NAT on non-Meraki VPN

Cyrus777
Getting noticed


Hello All,

I am setting up an IPsec VPN peer on a Meraki Site-to-Site VPN with a non-Meraki third-party firewall. They require us to use a 172.x.x.x subnet as our private network, and I need to translate our internal 10.x.x.x IPs over the VPN tunnel. Since Meraki does not support 1:1 NAT on IPsec to translate specific IPs for communication with the external party, what options do we have to accommodate this requirement without disrupting communication on our organization’s existing subnet?

alemabrahao
Kind of a big deal

You can have a Linux system with strongSwan and establish a tunnel with those servers.

With Meraki, you don't have many options when it comes to non-Meraki VPNs.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
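
As an added illustration of the Linux gateway approach suggested in the reply above (not part of the original posts, and not Meraki or strongSwan documentation): a 1:1 subnet translation on Linux is normally done with the iptables `NETMAP` target. The sketch assumes the tunnel's local traffic selector is the presented 172.x range and that internal traffic for the peer is routed through the Linux host; all addresses and the function names are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: 1:1 subnet NAT (NETMAP) rules for a Linux IPsec gateway.
# Every address used here is a constructed placeholder, not a value from the thread.

# Dotted quad <-> integer helpers.
ip2int() { local IFS=.; set -- $1; echo $(( ($1<<24) | ($2<<16) | ($3<<8) | $4 )); }
int2ip() { echo "$(( ($1>>24)&255 )).$(( ($1>>16)&255 )).$(( ($1>>8)&255 )).$(( $1&255 ))"; }

# Show what NETMAP does to one host: network bits are replaced, host bits kept.
# usage: map_host <host-ip> <to-cidr>
map_host() {
  local len=${2#*/} net=${2%/*}
  local mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  int2ip $(( ($(ip2int "$net") & mask) | ($(ip2int "$1") & ~mask & 0xFFFFFFFF) ))
}

# Print the rule pair (dry run); review it, then run the lines as root to apply.
# usage: netmap_rules <real-cidr> <presented-cidr> <peer-cidr>
netmap_rules() {
  local real=$1 pres=$2 peer=$3
  if [ "${real#*/}" != "${pres#*/}" ]; then
    echo "prefix lengths differ: $real vs $pres (mapping would not be 1:1)" >&2
    return 1
  fi
  # Outbound: rewrite the source before the IPsec policy lookup, so the
  # packet matches a tunnel negotiated for the presented range.
  echo "iptables -t nat -A POSTROUTING -s $real -d $peer -j NETMAP --to $pres"
  # Inbound: decapsulated packets sent to the presented range are mapped
  # back to the real internal hosts.
  echo "iptables -t nat -A PREROUTING -s $peer -d $pres -j NETMAP --to $real"
}

netmap_rules 10.20.30.0/24 172.16.30.0/24 192.168.50.0/24
map_host 10.20.30.45 172.16.30.0/24
```

Restricting both rules to the peer's subnet keeps the translation off all other traffic, so hosts on the existing 10.x network talk to each other unchanged.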
Cyrus777
Getting noticed

Do you have any documentation that I can use to set this up for Meraki specifically?

I think I need to set up this Linux on a VM inside my network behind the Meraki MX. Is that correct?

alemabrahao
Kind of a big deal

I believe that this will help you.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/215884-configure-a-s...

PhilipDAth
Kind of a big deal

Ask them to perform the subnet NAT translation on their end.
