vMX100 in AWS Private Subnet behind a NAT gateway

SOLVED
Fitzy
Conversationalist

vMX100 in AWS Private Subnet behind a NAT gateway

Hey guys,

 

Just wondering if anyone can help me understand how our vMX100 is working right now.

 

We currently have the vMX100 instance installed in a test AWS VPC. I have a standard setup in the VPC with a Public and Private subnet. The Public subnet's default route goes out the Internet Gateway, and the Private subnet's default route is through a NAT Gateway (which exists in the Public subnet). I was able to connect it to the Auto-VPN mesh network no problem, and it seems to be working great.

I just don't understand how the vMX can exist behind the NAT Gateway and still functional connect to the rest of the VPN mesh network? Is it because the Meraki dashboard handles all the negotiation?

 

Cheers!

1 ACCEPTED SOLUTION
Fitzy
Conversationalist

I guess I was looking for this documentation:
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_b...

 

Don't know why I couldn't find it last week. Thank you for the reply though.

View solution in original post

2 REPLIES 2
PhilipDAth
Kind of a big deal
Kind of a big deal

No matter what in AWS it will have to run through NAT. AutoVPN manages the setup of its VPNs through NAT automatically.

They call it "Meraki Simple".
Fitzy
Conversationalist

I guess I was looking for this documentation:
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Automatic_NAT_Traversal_for_IPsec_Tunneling_b...

 

Don't know why I couldn't find it last week. Thank you for the reply though.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels