Site-to-Site VPN Meraki MX behind NAT and Azure

SOLVED
Mateen
Getting noticed

Site-to-Site VPN Meraki MX behind NAT and Azure

Hei,

Does anyone know that if Meraki MX is behind NAT, is it possible to make VPN tunnel with Azure vpn-gw ? I am using beta firmware and activated ikev2 via support. Azure documentation says no. but is there any workaround ? portforwarding etc..

 

1 ACCEPTED SOLUTION
Nash
Kind of a big deal

Is it possible to put the 4G router into passthrough/bridge/whatever mode and slap the WAN IP directly on the MX?

View solution in original post

6 REPLIES 6
Nash
Kind of a big deal

Is the device in front of your MX using 500/4500 for anything?

 

If not, what happens when you setup port forwarding?

 

Alternately, would the vMX100 work for you?

Mateen
Getting noticed

Device in front is a 4 G router. I have tried port forwarding but tunnel is not coming online. vMX is not an option.
Nash
Kind of a big deal

Is it possible to put the 4G router into passthrough/bridge/whatever mode and slap the WAN IP directly on the MX?

Mateen
Getting noticed

Tried ipsec passthrough mode and a dmz mode which was the most open option on tp link mr400 4g router. In all settings the router gives a private ip to mx. Azure does not like that.

Nash
Kind of a big deal

Mm, no, no, it's not going to.

 

Is your provider on the 4G router doing carrier-grade NAT? If so, I don't think there's any way you're going to get around that. AutoVPN to a vMX could cope, but you've said that's not an option.

PhilipDAth
Kind of a big deal
Kind of a big deal

For 4G to work you would need a static IP from your carrier - and very few carriers will do that.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels