Meraki Site to Site VPN Issue

Solved
kuni
Getting noticed

Meraki Site to Site VPN Issue

Hi guys,

I'd like to check whether this diagram is possible or not.

I think it is not working well.

 

20191118_140840.jpg

 

1 Accepted Solution
BrechtSchamp
Kind of a big deal

Yes, plenty of people have their MX behind another device. As long as the device behaves as Meraki puts it "NAT-friendly" you will be fine.

 

If it behaves NAT-unfriendly, the dashboard will let you know. Solutions for that issue are described here:

https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Aut...

View solution in original post

9 Replies 9
BrechtSchamp
Kind of a big deal

What makes you think it wouldn't work? Seems like a standard setup for AutoVPN?

kuni
Getting noticed

Thank you,

 

Yes, I mean that AutoVPN.

Is this diagram working for Auto VPN correctly ?

 

BrechtSchamp
Kind of a big deal

That's a standard setup for AutoVPN, so it should work yes.

kuni
Getting noticed

Thank you for your answer.

 

In case of standard, wan interface of MX has public IP, not private IP.

In this case, wan interface of MX has private IP.

Although wan interface of MX has private IP, AutoVPN can work, right ?

 

Thank you,

 

BrechtSchamp
Kind of a big deal

Yes, plenty of people have their MX behind another device. As long as the device behaves as Meraki puts it "NAT-friendly" you will be fine.

 

If it behaves NAT-unfriendly, the dashboard will let you know. Solutions for that issue are described here:

https://documentation.meraki.com/MX/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Aut...

kuni
Getting noticed

Thank you for your guide.

 

In this case, the router front of MX can support nat.

So MX can connect AutoVPN, right ?

 

If I use MS250 instead of the router, MX can't connect AutoVPN. Because Meraki MS can't support nat.

 

Is this my understanding correct ?

 

BrechtSchamp
Kind of a big deal

Indeed, you can't do NAT with an MS switch.

kuni
Getting noticed

Thank you for your answer.

I think this is NAT problem not private IP.

Although wan interface of MX has private IP, It can use AutoVPN in case of the front device of MX can support NAT.

 

Thank you.

I understand.

 

Richard_W
A model citizen

Obviously it will work down under!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels