Site-to-site VPN Translation (1:M) – behaves like source NAT from destination side?

giovanitestoni
Here to help


Hi all,


Quick question to validate my understanding of Site-to-site VPN Translation (1:M) on MX.

In this mode:

  • Multiple internal prefixes / hosts are translated

  • Traffic is NATed to a single /32 address

  • From the remote site perspective, all traffic appears to come from one source IP


So effectively, although documented as 1:many, the behavior on the destination side looks very similar to source NAT (many-to-one):

  • The destination only needs to route and permit a /32

  • Original source subnets are not visible for policy enforcement


https://documentation.meraki.com/SASE_and_SD-WAN/MX/Design_and_Configure/Configuration_Guides/Site-t...


Does this match your experience with Auto VPN translation?


Thanks!

2 Replies
PatWruk
Getting noticed

If I remember right (it's been a while since I've used it), you set the translation NAT to match the subnet size of the source network. So if your source network is 10.1.1.0/24 but you want to use 10.25.10.0/24 through the translation, a device in your original network using the IP 10.1.1.27 would come through the translation as 10.25.10.27, essentially using the same last octet but being translated to the new subnet.
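The two behaviours described in this thread (the original post's 1:M, where every host behind the listed prefixes shows up at the remote site as a single /32, and PatWruk's subnet-to-subnet translation, where the host offset is kept and only the prefix is swapped) can be modelled in a few lines. The code below is an added example written for this discussion; it is not Meraki's implementation or anything the posters shipped, and it only reflects the descriptions given above. The 10.1.1.0/24 and 10.25.10.0/24 prefixes come from the thread; 192.0.2.10 and 10.1.2.0/24 are constructed sample values. The third function makes the policy point explicit: with 1:M the remote firewall sees one source address, so it cannot write per-subnet rules.

```python
import ipaddress


def translate_subnet(src_ip, local_net, translated_net):
    """Subnet translation as PatWruk describes it: keep the host offset
    inside the prefix and swap the prefix. The translated prefix must be
    the same size as the local one, otherwise offsets cannot map 1:1."""
    ip = ipaddress.ip_address(src_ip)
    local = ipaddress.ip_network(local_net)
    translated = ipaddress.ip_network(translated_net)
    if local.prefixlen != translated.prefixlen:
        raise ValueError("translated prefix must match the size of the local prefix")
    if ip not in local:
        raise ValueError(f"{ip} is not inside {local}")
    offset = int(ip) - int(local.network_address)
    return str(translated.network_address + offset)


def translate_many_to_one(src_ip, local_nets, translated_host):
    """1:M translation as the original post describes it: any host inside
    one of the listed prefixes leaves the tunnel as the single /32
    translated_host. Hosts not covered by a rule are left untouched."""
    ip = ipaddress.ip_address(src_ip)
    for net in local_nets:
        if ip in ipaddress.ip_network(net):
            return str(ipaddress.ip_address(translated_host))
    return str(ip)


def remote_policy_view(flows, local_nets, translated_host):
    """The only thing the remote side can key policy on is the set of
    distinct source addresses it sees after translation. Returns that set
    (sorted) for a list of (src_ip, dst_ip) flows."""
    seen = {translate_many_to_one(src, local_nets, translated_host) for src, _ in flows}
    return sorted(seen)


if __name__ == "__main__":
    # Subnet translation keeps the last octet (constructed from PatWruk's reply).
    print(translate_subnet("10.1.1.27", "10.1.1.0/24", "10.25.10.0/24"))

    # 1:M: two internal prefixes, one /32 on the wire (192.0.2.10 is a constructed value).
    flows = [("10.1.1.27", "172.16.0.5"), ("10.1.2.5", "172.16.0.5")]
    print(remote_policy_view(flows, ["10.1.1.0/24", "10.1.2.0/24"], "192.0.2.10"))
```

Running the script prints `10.25.10.27` for the subnet case and `['192.0.2.10']` for the 1:M case: two different internal subnets collapse to one address, which is exactly why the destination only needs to route and permit a /32 and why any per-subnet policy has to be enforced on the source MX before translation.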

alemabrahao
Kind of a big deal

Yes, this is correct.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.