The No-NAT feature is available in OS 15.15 and yes, we have it enabled on the WAN link. We don't have an MX in the HQ. Currently only the branch has an MX, hence AutoVPN is not possible. Secondly, I cannot create an IPSec VPN with the HQ since the link between HQ and Branch is not direct. I wanted to keep the details simple so didn't mention this earlier. The network connectivity is as follows: The branch MX has an MPLS link going to a router in a DC. The DC router has an Internet connection. This Internet link is used for providing Internet access to the MX and its LAN subnet. The Internet link on the DC router is also used to establish an IPSec VPN with the HQ. Now if traffic is initiated from the HQ LAN, it reaches the MX WAN interface but is then dropped because by default inbound connections are not allowed on the MX. Is there a way to allow these?
I have an MX deployed which uses an MPLS link to connect to the HQ. The same link is used for providing Internet to the MX and the subnet behind the MX, using the Internet link at HQ. NAT is disabled on the MX. All NAT takes place on the HQ border router. Internet is working fine but I have an issue with traffic between HQ and the Branch MX. Although I can reach HQ LAN subnets using the MPLS link, it doesn't work in the reverse direction. I cannot access Meraki LAN subnets when sourced from the HQ LAN since the MPLS link terminates on the Internet port of the MX. Can the MX use one of its LAN ports to provide Internet access to the MX itself? I have multiple HQ LAN subnets that need to communicate with multiple MX LAN subnets. Is there a way to allow inbound traffic where I have the MPLS link connected on the Internet port of the MX?