We are looking at moving to a Meraki MX-250 Security Device.
I have a VPN tunnel with another company. I believe they have a Juniper VPN device.
We have a server they connect to over the VPN tunnel today.
The server's private IP is 172.18.0.99. They require us to NAT the server to a public IP, say 1.1.1.10, because they have other clients with the 172.18.0.0/24 network.
We do this with a Cisco ASA today. Can this be done with Meraki?
Hi @NorthCentralTel, hopefully I’ve read and understood your question correctly. It’s possible, but only on a Meraki to Meraki VPN.
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation
I've actually tested this and it does actually perform NAT translation over ALL Meraki and Non-Meraki VPNs. The only problem is you cannot NAT per VPN; it's all or none. In our case, we needed 1 3rd party VPN NAT'ed, but not the other, so it did not work out in our case.
You can perform subnet translation - however this person is asking about NATing their subnet to a specific public IP address to go over the VPN.
>We do this with a Cisco ASA today. Can this be done with Meraki?
No.
My stance: The more complex a VPN setup is, the more likely it is that the ASA should be kept as a VPN gateway for quite some time.
Hi @KarstenI, yep, agree with that statement. Most recent firewall project we had to place a couple of ASAs back into the design for that very reason. Customer's VPN requirements were varied and complex.
I like how the ASA decouples NAT from everything else.
It does make it a lot more complex to configure if you have an involved config but you can get by most use cases.
Cisco remains an aeroplane cockpit with loads of buttons and possibilities while Meraki is more like a remote controlled car with a stick and a few buttons.