I have a customer that has to use Nat Translation on their site to site VPN's because their local IP's overlap a 3rd party customers IP range. Our local IP's are 22.214.171.124/23 and it is translated to 10.10.10.0/23. We also have 10 other Meraki sites in our organization. The problem is, we have users that float between all our sites. If a user is at our main site, they have to use 126.96.36.199 to access the server. If they are at any other one of our sites, they have to use 10.10.10.10 to access the same server. Is there a way for us to use either the translated IP or the original IP at ALL sites?
So, in this case the client always will use the translated IP.
When VPN subnet translation is configured, the MX will check the source IP address against a address translation table. When 192.168.128.44 attempts to send traffic to the web server across the VPN, the source IP address is evaluated to be contained within the local subnet of 192.168.128.0/24, which requires a translation to be performed. The MX will then map the client's IP to the equivalent IP in the translated subnet. When the example client's traffic egresses the site-to-site VPN, it will have an IP address of 10.15.30.44.
If VPN subnet translation is configured, the translated subnet will automatically be advertised to all remote site-to-site VPN participants.
Thanks for the reply. My question is, is it possible for a user to use 1 ip address regardless if they are on site or going over the site to site vpn from another site? The users have proprietary software that has a server IP programmed in it that lives in host A. If they are on the network Host A, the IP will be 10.10.10.10. If the user goes to site B over the site to site, the ip will be 188.8.131.52. We would like to be able to setup the program to use only 1 or the other no matter which site they are located.