Meraki

Community

VPN site to site port 50 forwarding protocol ESP

Inova
New here
‎Jul 23 2018 9:12 AM
‎Jul 23 2018 9:12 AM

VPN site to site port 50 forwarding protocol ESP

Hi All,

 

For security reason, I have to forward UDP 500 / TCP 4500 and ESP 50 to a secure network in my internal network where a VPN device manage a L2L vpn for this secure network. Unfortunatly I cannot use the meraki MX to manage this L2L vpn.

It seems that meraki can't forward ESP protocol.

How can I do to make it works ?

 

Thanks in advance

 

0 Kudos
2 Replies 2
Adam
Kind of a big deal
‎Jul 23 2018 10:15 AM
‎Jul 23 2018 10:15 AM

Regarding forwarding and the direction of traffic wouldn't you just use routes?  

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
In response to Adam
jdsilva
Kind of a big deal
‎Jul 23 2018 11:01 AM
‎Jul 23 2018 11:01 AM

You won't be able to forward ESP. I suppose you could try a 1:1 NAT and set the forward rule to ANY... But I haven't tried this so I don't know if it would work, and you're effectively opening the whole box to the Internet, which isn't a great idea really.

 

image.png

 

Bascially you're going to have ensure you have NAT-T enabled on your VPN links. You won't be able to do this without NAT-T.

http://blog.brokennetwork.ca | @jdsilva
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.