Meraki

Community

vMX100 in AWS Private Subnet behind a NAT gateway

Solved
Fitzy
Conversationalist
‎Mar 7 2018 1:51 PM
‎Mar 7 2018 1:51 PM

vMX100 in AWS Private Subnet behind a NAT gateway

Hey guys,

 

Just wondering if anyone can help me understand how our vMX100 is working right now.

 

We currently have the vMX100 instance installed in a test AWS VPC. I have a standard setup in the VPC with a Public and Private subnet. The Public subnet's default route goes out the Internet Gateway, and the Private subnet's default route is through a NAT Gateway (which exists in the Public subnet). I was able to connect it to the Auto-VPN mesh network no problem, and it seems to be working great.

I just don't understand how the vMX can exist behind the NAT Gateway and still functional connect to the rest of the VPN mesh network? Is it because the Meraki dashboard handles all the negotiation?

 

Cheers!

0 Kudos
1 Accepted Solution
In response to PhilipDAth
Fitzy
Conversationalist
‎Mar 12 2018 7:54 AM
‎Mar 12 2018 7:54 AM

I guess I was looking for this documentation:
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_b...

 

Don't know why I couldn't find it last week. Thank you for the reply though.

View solution in original post

0 Kudos
2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 7 2018 2:48 PM
‎Mar 7 2018 2:48 PM

No matter what in AWS it will have to run through NAT. AutoVPN manages the setup of its VPNs through NAT automatically.

They call it "Meraki Simple".
0 Kudos
In response to PhilipDAth
Fitzy
Conversationalist
‎Mar 12 2018 7:54 AM
‎Mar 12 2018 7:54 AM

I guess I was looking for this documentation:
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_b...

 

Don't know why I couldn't find it last week. Thank you for the reply though.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.