Using 1:1 NAT with Executime

Here to help

Using 1:1 NAT with Executime

I have a customer that is trying to allow a vendor through their MX100 using 1:1 NAT. 

They have some time and attendance software, Executime (, that according to their IT Vendor, can only use ESP as their IPsec protocol. The Meraki MX only supports NAT-T. Do you have any ideas? Do any of you use Executime?

Kind of a big deal
Kind of a big deal

The the IPSec vendor only supports ESP and not NAT-T for their IPSec - then it isn't going to work through NAT anyway.


If they do support NAT-T then udp/500 and udp/4500 need to be port forwarded.  Note that these are used for client VPN, so if you do forward these ports from the WANIP of the MX client VPN will stop working.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.