Is it possible to configure port address translation for incoming traffic from a site to site VPN? I would like incoming traffic from the peer site to translate to the inside LAN interface of the Meraki MX.
Yes, you can do 1:Many NAT on site-to-site VPN. Have a look at the link below and check for 1-to-many (1:M) VPN NAT there:
https://documentation.meraki.com/MX/Site-to-site_VPN/Using_Site-to-site_VPN_Translation
I see this "This feature is only supported for Auto VPN and is not intended to work with non-Meraki VPN peers."
So it will not work for a site-to-site VPN between a Meraki and a non-Meraki peer?
That sucks if that's the case.
@hmc250000, unfortunately the answer here is no. The only NAT you can do on site-to-site VPN is the one linked to by Inderdeep, and this is intended for when you have spoke sites which have overlapping IP address ranges. (It’s a 1:1 NAT and not a PAT).
What are you trying to achieve/what’s the problem? Maybe there is another way to get the outcome you require with the Meraki solution.
We have overlapping IP ranges for a site-to-site VPN with an external partner.
And by the way, I do not see the option to enable VPN subnet translation (only VPN on or VPN off). However, AutoVPN is already enabled.
It will only work with Meraki peers; it doesn't work with non-Meraki peers. If you want it enabled, you have to contact support. Then you'll see the option to enable it if needed.
Actually, subnet translation might work on non-Meraki VPN, but it's not supported. I had a customer try this a few years back, despite it not being officially supported, and it apparently worked. I discovered later that they'd stopped using the feature, but without any feedback, unfortunately.
As someone else asked, it would be good to understand the use case.