VPN site to site port 50 forwarding protocol ESP

Inova


Hi All,

 

For security reasons, I have to forward UDP 500 / TCP 4500 and ESP 50 to a secure network in my internal network where a VPN device manages an L2L VPN for this secure network. Unfortunately I cannot use the Meraki MX to manage this L2L VPN.

It seems that Meraki can't forward the ESP protocol.

What can I do to make it work?

 

Thanks in advance

 

2 Replies
Adam

Regarding forwarding and the direction of traffic, wouldn't you just use routes?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
jdsilva

You won't be able to forward ESP. I suppose you could try a 1:1 NAT and set the forward rule to ANY... But I haven't tried this so I don't know if it would work, and you're effectively opening the whole box to the Internet, which isn't a great idea really.

 


 

Basically you're going to have to ensure you have NAT-T enabled on your VPN links. You won't be able to do this without NAT-T.
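
An added example, not part of the thread and not any poster's code: with NAT-T (RFC 3948) the VPN peers carry ESP inside UDP port 4500, so only UDP needs to be forwarded and no IP protocol 50 packets have to cross the NAT. The sketch below classifies raw IPv4 packets, for instance from a capture taken in front of the VPN device, to confirm that; the function names and the sample packets are constructed for illustration.

```python
import struct

ESP_PROTO, UDP_PROTO, IKE_PORT, NATT_PORT = 50, 17, 500, 4500

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet by how it carries IPsec traffic."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]                         # IP protocol number field
    if proto == ESP_PROTO:
        return "esp-native"                # no ports, so no port forward can match it
    if proto != UDP_PROTO:
        return "other"
    if len(pkt) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    payload = pkt[ihl + 8:]
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "natt-keepalive"        # one-byte NAT keepalive
        if len(payload) < 4:
            return "malformed"
        if payload[:4] == b"\x00" * 4:
            return "ike-over-natt"         # non-ESP marker precedes IKE
        return "esp-in-udp"                # non-zero SPI: encapsulated ESP
    return "ike" if IKE_PORT in (sport, dport) else "other"

def tunnel_uses_natt(packets) -> bool:
    """True when data traffic is UDP-encapsulated and no native ESP is seen."""
    kinds = [classify(p) for p in packets]
    return "esp-in-udp" in kinds and "esp-native" not in kinds

# --- constructed sample packets (documentation addresses, zero checksums) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP = struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)   # SPI, sequence, dummy ciphertext
NATIVE = [ipv4(17, udp(500, 500, bytes(28))), ipv4(50, ESP)]
NATT = [ipv4(17, udp(500, 500, bytes(28))),
        ipv4(17, udp(4500, 4500, bytes(4) + bytes(28))),
        ipv4(17, udp(4500, 4500, ESP)),
        ipv4(17, udp(4500, 4500, b"\xff"))]
```

`tunnel_uses_natt(NATT)` is true and `tunnel_uses_natt(NATIVE)` is false; any `esp-native` result in a real capture means the peers have not negotiated NAT-T.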
