Auto VPN Problem | NAT Type: Unfriendly


Good day Cisco Community,


Seeking your expertise in my problem.

Appliance (Spoke): MX64
Hub: VMx


I'm using 2 Internet connections at my affected site: 1 is Telco-provided and the other uses cellular data.

Even using the 2 different Internet connections, I ended up having the same problem: "NAT Type: Unfriendly".


I have 88 sites using the same configuration and Telco Provider and only this site has the problem.

I've tried to read the data via Packet Capture from VMx to MX and MX to VMx and observed that from the VMx going to the Public IP of MX, it uses different UDP Ports, 3 to 4 UDP Ports.


I read a lot about isolating and fixing the issue, and even tried Manual NAT Traversal, but it didn't resolve the problem.


Hope someone can help me on this.

Kind of a big deal

For the main connection - does the MX have the public IP address directly on its WAN interface?
What type of Internet connection is it? Fibre, DSL, etc?

Is this the same type of Internet connection at your other sites that work?


Hi Sir Philip,

Main Internet Connectivity has a Public IP address on its WAN Interface.

It is a Fibre DSL provided by our local Telco Provider here in the Philippines.

And yes, same Internet provider with the same Internet Service, Fibre DSL.


Just to share with you as well, I tried to use the Manual Port Forwarding using the Public IP Address obtained on WAN port and different UDP Ports from 32,000 to 61,000 but still not working.



Kind of a big deal

If the MX has a public IP address on its actual WAN interface then this issue should not be happening (as there is no NAT and nothing should be restricting traffic).


I would try asking support if they can see why this is being reported.

I really don't know what the problem really is.


I also tried a backup connection, a device which uses a SIM card (cellular data), and it has the same problem even though it has a public IP address to be used.


I tried to re-create the network under the same Org, but still got the same results.


If you are interested, we can do a remote session and I'll show you the problem.


Thank you so much sir.
