Meraki Site to Site VPN to another Meraki behind CGNat IPv4 Address

malerr
Here to help


Hi everyone,

I am currently researching whether it is possible to configure a Meraki site-to-site VPN with one side behind a CGNat IPv4 address. Have any of you guys tried this, and is it successful? I did come across the documentation below, but I just wonder whether it is possible to do.

https://documentation.meraki.com/General_Administration/Service_Providers_-_SPs/Carrier-Grade_NAT_an...

Your responses are highly appreciated.

Thanks.

alemabrahao
Kind of a big deal

I have, and it works without any major problems.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
malerr
Here to help

Thank you for your reply! @alemabrahao

Are you using the documentation that I have inserted above as a reference? If yes, which method works best for you? Manual NAT traversal or bypassing the CGNAT?

GreenMan
Meraki Employee

In my experience, configuring manual NAT traversal at your Hub site(s) is the way to go, first. For the UDP port I recommend choosing an otherwise unused one between 1025 and 32768, but avoiding 4500.

PhilipDAth
Kind of a big deal

And udp/500.  🙂
