Meraki

Community

Meraki Site to Site VPN to another Meraki behind CGNat IPv4 Address

malerr
Here to help
‎Feb 13 2024 5:24 PM
‎Feb 13 2024 5:24 PM

Meraki Site to Site VPN to another Meraki behind CGNat IPv4 Address

Hi everyone, 

 

I am currently researching whether it is possible to configure a Meraki site-to-site VPN with one side behind a CGNat IPv4 address. Have any of you guys try this and is it successful? I do come across the documentation below but I just wonder whether it is possible to do.

 

https://documentation.meraki.com/General_Administration/Service_Providers_-_SPs/Carrier-Grade_NAT_an...

 

Your response are highly appreciated.

 

Thanks.

0 Kudos
4 Replies 4
alemabrahao
Kind of a big deal
‎Feb 13 2024 6:09 PM
‎Feb 13 2024 6:09 PM

I have, and it works without any major problems.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
malerr
Here to help
‎Feb 13 2024 6:26 PM
‎Feb 13 2024 6:26 PM

Thank you for your reply! @alemabrahao 

 

Are you using the documentation that I have insert above as a reference? If yes, which method work best for you? Manual NAT traversal or bypassing the CGNAT?

0 Kudos
GreenMan
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Feb 14 2024 4:52 AM
‎Feb 14 2024 4:52 AM

In my experience, configuring manual NAT traversal at your Hub site(s) is the way to go, first.  For the UDP port I recommend choosing an otherwise unused one between 1025 and 32768, but avoiding 4500

In response to GreenMan
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 14 2024 1:49 PM
‎Feb 14 2024 1:49 PM

And udp/500.  🙂

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.