Hi, were are deploying a Wireless solution for a nationwide restaurant chain customer in Spain. Around 600 sites.
We have from 2 to 4 Meraki APs at sites and we concentrate them all on a 2-unit Meraki MX600 cluster. Customer wireless guests are connected to our MPLS network and then we deliver their navigation traffic to BT Internet Service.
says concentrator mode is deployed in passthru like a bridge between LAN (so it is used) and Internet ports.
So it seems to me that concentrator mode has 2 flavours. Am I right?
Can we deploy NAT model for AP's VPN concentrator, bridging between lan (from where traffic comes) and Internet1 ports? Internet1 addressing would be private for security purposes.
We have already applied this config in our lab and it seems to work fine for one AP site. I mean, both NAT model at MX600 side and VPN tunnel to MX600 concentrator at AP side. Is this a supported topology from Meraki? I do not have this point clear even after reading your deployment guides.
We would also have to be sure it is appropiate in terms of scalability (specially in terms of max number of NAT entries on the MX600).
So we have finally decided to change our design, keeping the MX-600s nodes just as a L2 cluster FW and establishing the VPN tunnels from router to router in a hub and spoke DMVPN solution. This more classical approach ensures scalabitily would not be an issue.
We have successfully tested the MX600's as L2 FW cluster at our lab.