Can a LAN device communicate with a "Translated" IP

JohnPa
Just browsing

MX appliance 1: Main subnet 10.0.1.0/24, VPN Subnet with address translation 10.0.91.0/24

MX appliance 2: Main subnet 10.0.1.0/24, VPN Subnet with address translation 10.0.92.0/24

MX appliance 1 and 2 are participants in a Site to Site Meraki VPN. The main subnet of both MX appliances is the same so address translation is used for the VPN Subnet.


The question:

Due to a device configuration limitation, a local device on MX appliance 2 (IP 10.0.1.10) is programmed to communicate with another local device on that MX appliance using the VPN translated address (IP 10.0.92.11). The local IP address of the second device is actually 10.0.1.11.

How does the MX handle this situation? Does the MX translate back to the local device within the same MX or is the address translation only meaningful for communications across the site to site VPN?


GreenMan
Meraki Employee

I think you'd need to test it - the feature is not designed for that use case, it's designed for traffic flowing across AutoVPN tunnels only (it's called Site-to-site VPN translation, after all: https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation).

As I understand it, the traffic in this case would need to be routed locally by MX2 alone. I'd be surprised if it works, personally.

What's preventing 10.0.1.10 from being configured to communicate directly with 10.0.1.11? That traffic wouldn't even need to hit the MX.
