I know we have the ability to specify static IP and port for cloud/mesh VPN... it's long past time that we have the option for static port only. By this, I mean that we have the option to use the auto-registered public IP and only specify a static UDP port.
The reason is quite simple: so many telecommuters. They typically have a home router with an IP that can change at any time. These devices allow us to issue a static internal IP and port forward. We can deploy Meraki behind their home device and ensure that it always has the same private IP and always has a static UDP port forward, but we can't guarantee the public IP. Allowing us to only have to specify a static UDP IP for mesh VPN and let the IP continue to be pulled from the auto registration cloud VPN table only makes sense, and it seems this would be pretty trivial.
Never had a spoke-to-spoke work when both spokes are behind a PAT/many-to-one NAT device, regardless of the brand or model of device (we've tested probably no less than 15 home and enterprise class devices). Only works if one side is exposed to the public internet, has a static NAT, or has a static port forward set.