So, it may not be an easy thing to do. But, we have a customer that has a simple Meraki at a few sites. They don’t want to manage multiple internet providers. So, we have a Netgate at each site and behind the Netgate is their Meraki. Our Netgate handles the failover. But! This also gives us insight and control to see if the internet providers go offline. Failover works well. They use Meraki’s AutoVPN thingy and it works well, too. But, now they want to IPSEC to a cloud provider for one of their vendors to have a connection to each of their sites behind the Meraki.
Now, I’m not sure why. But that’s what they want. We don’t care to see what is behind the Meraki. We just want to be able to remote into the Netgate and access it remotely. Which we can now. But how can we just push full passthrough of internet without NAT to the Meraki? If I disable NAT outbound, I’d assume we’d lose our remote access.
I don’t know if this can even be done. But, felt like it was worth asking.
Before it’s asked, we would’ve managed their network and not needed the Meraki. But the customer’s “IT/Consultant” said they needed it. Now, I thought, maybe we can set up the IPSEC on our Netgate for each site to the Vendor and pass through the IPSEC to the Meraki. Maybe that would work? Never tried it this way.