Meraki

Community

allow ESP IP Protocol 50 in meraki mx

FishMan
Comes here often
‎Nov 23 2023 6:41 PM
‎Nov 23 2023 6:41 PM

allow ESP IP Protocol 50 in meraki mx

i need to allow ESP IP Protocol 50 in meraki mx

 

any one could help

0 Kudos
4 Replies 4
AndreaB
Here to help
‎Nov 24 2023 2:39 AM
‎Nov 24 2023 2:39 AM

What do you exactly want to achieve?

MX doesn't route unencapsulated ESP traffic, but NAT-T works without any problem, hence UDP is the protocol to allow.

.ı|ı.ı|ı. Andrea
0 Kudos
alemabrahao
Kind of a big deal
‎Nov 24 2023 3:40 AM
‎Nov 24 2023 3:40 AM

Sorry, but I believe it is necessary to allow nothing.
 
Otherwise I suggest opening a support case.

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Networking_Fundame...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
AndreaB
Here to help
‎Nov 24 2023 8:49 AM
‎Nov 24 2023 8:49 AM

It depends if the MX is the VPN terminator, or the termination is behind the MX. That's why I mentioned NAT-T.

.ı|ı.ı|ı. Andrea
0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Nov 24 2023 9:06 AM
‎Nov 24 2023 9:06 AM

A device behind an MX will be NAT'ed unless it is in concentrator mode.  In that last case you will not be able to support it.  Otherwise in the normal routed mode your ESP endpoint will just encapsulate ESP inside UDP port 4500.

 

The MX itself when making IPsec VPN's will always use ESP for encapsulation.

AutoVPN is proprietary and does not use standards based IPsec.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.