allow ESP IP Protocol 50 in meraki mx

FishMan
Comes here often

allow ESP IP Protocol 50 in meraki mx

i need to allow ESP IP Protocol 50 in meraki mx

 

any one could help

4 Replies 4
AndreaB
Here to help

What do you exactly want to achieve?

MX doesn't route unencapsulated ESP traffic, but NAT-T works without any problem, hence UDP is the protocol to allow.

.ı|ı.ı|ı. Andrea
alemabrahao
Kind of a big deal
Kind of a big deal

Sorry, but I believe it is necessary to allow nothing.
 
Otherwise I suggest opening a support case.

 

https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Networking_Fundame...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
AndreaB
Here to help

It depends if the MX is the VPN terminator, or the termination is behind the MX. That's why I mentioned NAT-T.

.ı|ı.ı|ı. Andrea
GIdenJoe
Kind of a big deal
Kind of a big deal

A device behind an MX will be NAT'ed unless it is in concentrator mode.  In that last case you will not be able to support it.  Otherwise in the normal routed mode your ESP endpoint will just encapsulate ESP inside UDP port 4500.

 

The MX itself when making IPsec VPN's will always use ESP for encapsulation.

AutoVPN is proprietary and does not use standards based IPsec.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels