cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Source NAT for VPN traffic @ Branch office

Highlighted
Conversationalist

Source NAT for VPN traffic @ Branch office

I am using MX 84 appliance for my branch office connectivity and established site to site VPN with HO, We are trying to collect few operational details from branch end projector to HO server through SNMP. The problem is projector is not supporting routing.. It responds to any traffic from same IP segment but not from other ip segments. confirmed the same by enabling local L3 routing. 

 

Can I do source NAT @branch MX 84 device to make sure the traffic hits projector from same IP segment.

10 REPLIES 10
Highlighted
Kind of a big deal
Kind of a big deal

Re: Source NAT for VPN traffic @ Branch office

@Mahadevan What is the projector model, it sounds like there is no default gateway set. Can you ping it from a remote subnet? I haven't seen an IP capable device where you cannot set a gateway for a long time but perhaps this is a very old device?

Highlighted
Conversationalist

Re: Source NAT for VPN traffic @ Branch office

We are giving the gateway address at the projector end.. Please find the projector details

 

Make : Christie 

Model : CP4325-RGB

Highlighted
Kind of a big deal
Kind of a big deal

Re: Source NAT for VPN traffic @ Branch office

Can you ping the projector from its own subnet?

Can you ping it from a different subnet?

 

Highlighted
Conversationalist

Re: Source NAT for VPN traffic @ Branch office

Can you ping the projector from its own subnet?

Yes

 

Can you ping it from a different subnet?

Nope

 

I have followed all this basic tshooting and then only posted this query.. 

Highlighted
Kind of a big deal
Kind of a big deal

Re: Source NAT for VPN traffic @ Branch office

Did you follow the instructions below and did you choose manual, if so what do you have for the first 3 and what are the equivalent on your router/firewall/L3 switch?

 

1. Connect the Ethernet cable from the theater network to the Management port on the input
panel.
2. In the left navigation menu, tap Service Setup > Network Settings.
3. In the Port list, tap Management.
4. Enter the network settings:
• To obtain the network settings automatically, tap Automatic.
• To enter the settings manually, tap Manual and complete these fields:
Field Description
IP Address The IP address of the projector.
Subnet Mask The subnet mask to which the IP address belongs.
Gateway The IP address for the network gateway.
Primary DNS The IP address of the primary DNS server.
Secondary DNS The IP address of the secondary DNS server.
5. Tap Save.

Highlighted
Kind of a big deal

Re: Source NAT for VPN traffic @ Branch office

If it is not the default gateway perhaps the subnet mask is wrong.  It is almost certainly one of those two.

 

To answer your orginal question, no you can not do SNAT.

Highlighted
Conversationalist

Re: Source NAT for VPN traffic @ Branch office

@PhilipDAth Hi, As suggested by TAC upgraded the firmware to 15.7 Beta and Meraki product team enabled the feature in my console. Now I can enable source NAT at my local interface. Refer the attachments

 

NAT Execptions.JPGSource NAT.JPG

 

Due to the problematic device non availability we could not able to test the same. But how it works.. I have applied source NAT in my VLAN and my expectation is to NAT the traffic which is coming from other site VPN to my local LAN, Anyhow it can work opposite also . . It can NAT my LAN IP into MX interface IP and send it to other VPN sites.. If it works in the 2nd way i will not get solution. Any thoughts.

Highlighted
Conversationalist

Re: Source NAT for VPN traffic @ Branch office

@cmr Hi, As suggested by TAC upgraded the firmware to 15.7 Beta and Meraki product team enabled the feature in my console. Now I can enable source NAT at my local interface. Refer the attachments.

 

NAT Execptions.JPGSource NAT.JPG

 

 

Due to the problematic device non availability we could not able to test the same. But how it works.. I have applied source NAT in my VLAN and my expectation is to NAT the traffic which is coming from other site VPN to my local LAN, Anyhow it can work opposite also . . It can NAT my LAN IP into MX interface IP and send it to other VPN sites.. If it works in the 2nd way i will not get solution. Any thoughts.

Highlighted
Here to help

Re: Source NAT for VPN traffic @ Branch office

Hi,

is Source-NAT already officially released or a hidden/BETA feature? Unfortunately I could‘nt find some documentation about it?!

Highlighted
Comes here often

Re: Source NAT for VPN traffic @ Branch office

I'm also interested in this...did you ever receive an answer?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.