cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Site-to-Site VPN Meraki MX behind NAT and Azure

SOLVED
Highlighted
Here to help

Site-to-Site VPN Meraki MX behind NAT and Azure

Hei,

Does anyone know that if Meraki MX is behind NAT, is it possible to make VPN tunnel with Azure vpn-gw ? I am using beta firmware and activated ikev2 via support. Azure documentation says no. but is there any workaround ? portforwarding etc..

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

Is it possible to put the 4G router into passthrough/bridge/whatever mode and slap the WAN IP directly on the MX?

View solution in original post

6 REPLIES 6
Highlighted
Kind of a big deal

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

Is the device in front of your MX using 500/4500 for anything?

 

If not, what happens when you setup port forwarding?

 

Alternately, would the vMX100 work for you?

Highlighted
Here to help

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

Device in front is a 4 G router. I have tried port forwarding but tunnel is not coming online. vMX is not an option.
Highlighted
Kind of a big deal

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

Is it possible to put the 4G router into passthrough/bridge/whatever mode and slap the WAN IP directly on the MX?

View solution in original post

Highlighted
Here to help

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

Tried ipsec passthrough mode and a dmz mode which was the most open option on tp link mr400 4g router. In all settings the router gives a private ip to mx. Azure does not like that.

Highlighted
Kind of a big deal

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

Mm, no, no, it's not going to.

 

Is your provider on the 4G router doing carrier-grade NAT? If so, I don't think there's any way you're going to get around that. AutoVPN to a vMX could cope, but you've said that's not an option.

Kind of a big deal

Re: Site-to-Site VPN Meraki MX behind NAT and Azure

For 4G to work you would need a static IP from your carrier - and very few carriers will do that.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.