Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Nat Translation over site to site

Meraki-5942
New here
‎Mar 1 2023 2:24 PM
‎Mar 1 2023 2:24 PM

Nat Translation over site to site

I have a customer that has to use Nat Translation on their site to site VPN's because their local IP's overlap a 3rd party customers IP range.  Our local IP's are 172.15.15.0/23 and it is translated to 10.10.10.0/23.  We also have 10 other Meraki sites in our organization.  The problem is, we have users that float between all our sites.  If a user is at our main site, they have to use 172.15.15.10 to access the server.  If they are at any other one of our sites, they have to use 10.10.10.10 to access the same server.  Is there a way for us to use either the translated IP or the original IP at ALL sites?  

0 Kudos
Subscribe
7 Replies 7
Bo_Tang
Meraki Employee
Meraki Employee
‎Mar 1 2023 5:57 PM
‎Mar 1 2023 5:57 PM

PERHAPS local DNS deployment?

0 Kudos
Subscribe
In response to Bo_Tang
Meraki-5942
New here
‎Mar 2 2023 5:04 AM
‎Mar 2 2023 5:04 AM

According to the server team, DNS servers are set to Umbrella and they are all using the same DNS server to resolve the name on all sites.

0 Kudos
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 2 2023 1:20 AM
‎Mar 2 2023 1:20 AM

You need to ask Meraki support to enable S2S VPN translation.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Meraki-5942
New here
‎Mar 2 2023 5:03 AM
‎Mar 2 2023 5:03 AM

Translation is already enabled.  The tunnels are up.

0 Kudos
Subscribe
In response to Meraki-5942
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 2 2023 5:09 AM
‎Mar 2 2023 5:09 AM

So, in this case the client always will use the translated IP.

 

When VPN subnet translation is configured, the MX will check the source IP address against a address translation table. When 192.168.128.44 attempts to send traffic to the web server across the VPN, the source IP address is evaluated to be contained within the local subnet of 192.168.128.0/24, which requires a translation to be performed. The MX will then map the client's IP to the equivalent IP in the translated subnet. When the example client's traffic egresses the site-to-site VPN, it will have an IP address of 10.15.30.44.

 

If VPN subnet translation is configured, the translated subnet will automatically be advertised to all remote site-to-site VPN participants.

 

Full doc: https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Meraki-5942
New here
‎Mar 2 2023 5:27 AM
‎Mar 2 2023 5:27 AM

Thanks for the reply.  My question is, is it possible for a user to use 1 ip address regardless if they are on site or going over the site to site vpn from another site?  The users have proprietary software that has a server IP programmed in it that lives in host A.  If they are on the network Host A, the IP will be 10.10.10.10.  If the user goes to site B over the site to site, the ip will be 172.15.15.10.  We would like to be able to setup the program to use only 1 or the other no matter which site they are located.

0 Kudos
Subscribe
In response to Meraki-5942
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 2 2023 5:31 AM
‎Mar 2 2023 5:31 AM

The translation is automatic, you cannot change it. You can make a wish for Meraki team.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.