Non-Meraki VPN + NAT + AutoVPN

SOLVED
GuiCarvalho
Here to help

Non-Meraki VPN + NAT + AutoVPN

Hello Team,

 

I know that Non-Meraki VPN doesn't communicate whit AutoVPN. The most popular solution is add a new MX, in another Organization todo a bridge between Non-Meraki VPN and AutoVPN.

 

But, I would like to know if there is an alternative where we don't need another MX.

 

If I create a NAT in the HUB, to translate the remote address and create a route for the NATed IPs in the spokes, with the hub as next hop, it can be work?

 

Thanks,

Guilherme Carvalho

1 ACCEPTED SOLUTION

Accepted Solutions
PhilipDAth
Kind of a big deal

Re: Non-Meraki VPN + NAT + AutoVPN

>So, there is no way to spokes (AutoVPN) communicates with a non-Meraki VPN through the Hub?

 

Correct.  This is not possible.  You need to add something like another MX.  It doesn't need to be in another org, just another network.

View solution in original post

5 REPLIES 5
ww
Kind of a big deal
Kind of a big deal

Re: Non-Meraki VPN + NAT + AutoVPN

Nat is for the wan interface not for 3rd party vpn subnets. 

 

you cant create a specific route at a spoke to a hub, only a default route

GuiCarvalho
Here to help

Re: Non-Meraki VPN + NAT + AutoVPN

ww,

Thanks for your reply.

So, there is no way to spokes (AutoVPN) communicates with a non-Meraki VPN through the Hub?

PhilipDAth
Kind of a big deal

Re: Non-Meraki VPN + NAT + AutoVPN

>So, there is no way to spokes (AutoVPN) communicates with a non-Meraki VPN through the Hub?

 

Correct.  This is not possible.  You need to add something like another MX.  It doesn't need to be in another org, just another network.

View solution in original post

Bruce
Kind of a big deal

Re: Non-Meraki VPN + NAT + AutoVPN

@GuiCarvalho, it’s exactly like everyone has said, your spokes can’t communicate with a non-Meraki VPN peer to the hub. So, assuming there aren’t too many spokes, why not consider having the spokes build their own VPN to the non-Meraki VPN peer? It may take a little work on the non-Meraki peer, but the Meraki end is straight-forward (since one non-Meraki VPN configuration applies to all networks in the organisation unless you restrict it with tags). Obviously this doesn’t work for all situations, but worth considering.

GuiCarvalho
Here to help

Re: Non-Meraki VPN + NAT + AutoVPN

Thank you everyone for the help.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.