Non-Meraki Peers with Source NAT

ChuckBrantley
New here

Non-Meraki Peers with Source NAT

I am moving a L2L tunnel from an ASA to a Meraki MX100.  I understand how to set the tunnel piece up, but in this specific case I need to source NAT  the local network to the remote network.  Similar to the below.

 

nat (Inside,outside) source dynamic obj_VPN10.2.60 host-24.68 destination static Sub-10.32.0.0_16 Sub-10.32.0.0_16

 

Is this type of NAT configurable? I played with the 1:Many NAT but had no success. TIA

3 REPLIES 3
jdsilva
Kind of a big deal

The MX is not capable of NAT on a Non-Meraki VPN tunnel. You will need to perform that NAT on the ASA on the other side. 

Thanks.  That is what I was thinking, but wanted confirmation.  I'll have to ask the other side since it is a vendor.

Nash
Kind of a big deal

Hopefully your vendor will go for it. We've got a number of tunnels between our ASAs and client's Meraki MX, where we're doing VPN NAT on the ASA side. MX doesn't care so long as you tell it the correct subnet.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels