Meraki

Community

Non-Meraki VPN + NAT + AutoVPN

Solved
GuiCarvalho
Getting noticed
‎Jul 19 2021 7:40 AM
‎Jul 19 2021 7:40 AM

Non-Meraki VPN + NAT + AutoVPN

Hello Team,

 

I know that Non-Meraki VPN doesn't communicate whit AutoVPN. The most popular solution is add a new MX, in another Organization todo a bridge between Non-Meraki VPN and AutoVPN.

 

But, I would like to know if there is an alternative where we don't need another MX.

 

If I create a NAT in the HUB, to translate the remote address and create a route for the NATed IPs in the spokes, with the hub as next hop, it can be work?

 

Thanks,

Guilherme Carvalho

0 Kudos
1 Accepted Solution
In response to GuiCarvalho
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 19 2021 1:10 PM
‎Jul 19 2021 1:10 PM

>So, there is no way to spokes (AutoVPN) communicates with a non-Meraki VPN through the Hub?

 

Correct.  This is not possible.  You need to add something like another MX.  It doesn't need to be in another org, just another network.

View solution in original post

5 Replies 5
ww
Kind of a big deal
Kind of a big deal
‎Jul 19 2021 7:54 AM
‎Jul 19 2021 7:54 AM

Nat is for the wan interface not for 3rd party vpn subnets. 

 

you cant create a specific route at a spoke to a hub, only a default route

In response to ww
GuiCarvalho
Getting noticed
‎Jul 19 2021 11:40 AM
‎Jul 19 2021 11:40 AM

ww,

Thanks for your reply.

So, there is no way to spokes (AutoVPN) communicates with a non-Meraki VPN through the Hub?

0 Kudos
In response to GuiCarvalho
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 19 2021 1:10 PM
‎Jul 19 2021 1:10 PM

>So, there is no way to spokes (AutoVPN) communicates with a non-Meraki VPN through the Hub?

 

Correct.  This is not possible.  You need to add something like another MX.  It doesn't need to be in another org, just another network.

In response to PhilipDAth
Bruce
Kind of a big deal
‎Jul 19 2021 2:27 PM
‎Jul 19 2021 2:27 PM

@GuiCarvalho, it’s exactly like everyone has said, your spokes can’t communicate with a non-Meraki VPN peer to the hub. So, assuming there aren’t too many spokes, why not consider having the spokes build their own VPN to the non-Meraki VPN peer? It may take a little work on the non-Meraki peer, but the Meraki end is straight-forward (since one non-Meraki VPN configuration applies to all networks in the organisation unless you restrict it with tags). Obviously this doesn’t work for all situations, but worth considering.

GuiCarvalho
Getting noticed
‎Jul 20 2021 7:31 AM
‎Jul 20 2021 7:31 AM

Thank you everyone for the help.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.