Hello All,
We have a problem with Cisco Meraki MX. The Meraki appliance should replace current firewall which is deployed at customer. Almost everything is doing well, but there is an ASA behind the Meraki (in DMZ Section), which is doing site to site to another location (ASA and remote peer is not managed by us). For the DMZ section the MX appliance is doint 1:1 NAT for every Public IP. The devices which are there situated are accessible from the Internet. So the NAT is going well. BUT ... When the ASA is trying to establish through the MX IPsec, the tunnel it is not working, According to the 3rd party the Phase 1 is UP but there is problem with Phase2. The MX is in NAT mode
According to the manual, 1:1 NAT is configured, Nat-t are confirmed that are enabled on both of the ASA.
https://documentation.meraki.com/MX-Z/Other_Topics/Using_VPN_through_an_MX_Security_Appliance
Did you also had problem with this setup ?
Thank you in advance
Sorry for my bad english
Drawing for simplification:
+--------------+ | Remote Site | | | +--------------+ | | | | | +--------+ | INET | +--------+ | | (Public segment !1, /30 subnet) +--------+ | MX | +--------+ | |
# DMZ section | | #(Public segment !2, /29 subnet) | | (Not Important)
+--------+ +--------+ | ASA | | LAN | +--------+ +--------+
No comments:
Post a Comment