Nat Translation over site to site

Meraki-5942
New here

Nat Translation over site to site

I have a customer that has to use Nat Translation on their site to site VPN's because their local IP's overlap a 3rd party customers IP range.  Our local IP's are 172.15.15.0/23 and it is translated to 10.10.10.0/23.  We also have 10 other Meraki sites in our organization.  The problem is, we have users that float between all our sites.  If a user is at our main site, they have to use 172.15.15.10 to access the server.  If they are at any other one of our sites, they have to use 10.10.10.10 to access the same server.  Is there a way for us to use either the translated IP or the original IP at ALL sites?  

7 Replies 7
Bo_Tang
Meraki Employee
Meraki Employee

PERHAPS local DNS deployment?

Meraki-5942
New here

According to the server team, DNS servers are set to Umbrella and they are all using the same DNS server to resolve the name on all sites.

alemabrahao
Kind of a big deal
Kind of a big deal

You need to ask Meraki support to enable S2S VPN translation.

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Meraki-5942
New here

Translation is already enabled.  The tunnels are up.

alemabrahao
Kind of a big deal
Kind of a big deal

So, in this case the client always will use the translated IP.

 

When VPN subnet translation is configured, the MX will check the source IP address against a address translation table. When 192.168.128.44 attempts to send traffic to the web server across the VPN, the source IP address is evaluated to be contained within the local subnet of 192.168.128.0/24, which requires a translation to be performed. The MX will then map the client's IP to the equivalent IP in the translated subnet. When the example client's traffic egresses the site-to-site VPN, it will have an IP address of 10.15.30.44.

 

If VPN subnet translation is configured, the translated subnet will automatically be advertised to all remote site-to-site VPN participants.

 

Full doc: https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Meraki-5942
New here

Thanks for the reply.  My question is, is it possible for a user to use 1 ip address regardless if they are on site or going over the site to site vpn from another site?  The users have proprietary software that has a server IP programmed in it that lives in host A.  If they are on the network Host A, the IP will be 10.10.10.10.  If the user goes to site B over the site to site, the ip will be 172.15.15.10.  We would like to be able to setup the program to use only 1 or the other no matter which site they are located.

alemabrahao
Kind of a big deal
Kind of a big deal

The translation is automatic, you cannot change it. You can make a wish for Meraki team.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.