Hello all,
a client asked about creating GRE tunnel over a Meraki MX, with 1:1 NAT.
The MX would not be terminating the tunnel, just forwarding GRE traffic with SNAT to a specific public IP.
Anyone knows if it is supported / did it in production?
Thank you.
Solved! Go to solution.
This usually does not work (nothing to do with MX, NAT breaks it GRE in general). This is because each end of a GRE tunnel configures the source and destination address, which must match. Because of NAT, that can not happen.
To make it work, you have to get rid of NAT. The common solution is to create an IPSec tunnel between the two devices running NAT (the MX and the remote firewall in this case), and then run GRE over that between the two GRE endpoints.
MX doesn't support GRE. I had a project that it's was required and we had to use a Fortigate in the middle.
Thank you for the answer.
I don't need MX to "support GRE", meaning to be a tunnel endpoint. My question is if the MX will forward GRE traffic, and apply SNAT to it, or it will somehow prevent the GRE tunnel to work.
I got it, you need ask the Meraki product team to enable the SNAT feature on your dashboard. So I think it should have to work.
This usually does not work (nothing to do with MX, NAT breaks it GRE in general). This is because each end of a GRE tunnel configures the source and destination address, which must match. Because of NAT, that can not happen.
To make it work, you have to get rid of NAT. The common solution is to create an IPSec tunnel between the two devices running NAT (the MX and the remote firewall in this case), and then run GRE over that between the two GRE endpoints.