vMX + VPN Client

AlexanderDrago
Getting noticed


Hello!

I have a question about vMX on AWS + Client VPN

When clients connect to the VPN on the Meraki vMX, they don't have internet; I mean no sites can be resolved.

Could this be a routing problem?

My wish is that users connect to the vMX, not to the router in the office.

AjitKumar
Head in the Cloud

Hi @AlexanderDrago 

I may be completely wrong.

I understand Meraki Native Client VPN by default creates a FULL Tunnel with the site. You need to have internet service on the site.

This may be a reason why clients are not able to access the internet.

You have scripts available to create a SPLIT Tunnel on Windows 10. (If the above reason is the issue).

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
AlexanderDrago
Getting noticed

I created an instance with Meraki vMX,

added a public IP and a private IP to it,

and configured Client VPN.

After a user connects to Client VPN on the vMX, he can't resolve any sites like google.com.

In AWS VPC - Route Table

I told it that 0.0.0.0/0 needs to use the gateway,

but maybe I didn't do something with the route?

PhilipDAth
Kind of a big deal

Amazon AWS only allows local subnets to be NATed to get to the Internet. The client VPN subnet won't be local, and consequently won't be allowed Internet access.

You ideally want to use "split tunnelling" on the clients so they access the Internet directly. This site has a guide on how to configure this via PowerShell.

http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

AlexanderDrago
Getting noticed

I have not only Windows.

So am I right in understanding that a user connecting to AWS vMX Meraki Client VPN will not have internet?

 

JimmyPhelan
Getting noticed

They will not have access THROUGH the vMX, which is what a Full Tunnel is attempting to do. It is routing all of your traffic to the vMX and assuming the vMX knows how to handle this.

As the other replies have stated, you need to investigate creating Split Tunnel VPNs on your clients. This works by only sending specific traffic over the VPN (i.e. your subnet in AWS), and all other traffic should use your gateway on your local network.
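
The split-tunnel setup described in the replies above, sketched for a Windows 10 client with the built-in VPN cmdlets. This is an added example, not taken from the thread or the linked guide; the connection name and the VPC prefix are assumed placeholders for an already-created client VPN profile and the AWS subnet behind the vMX.

```powershell
# Added example. Assumptions (not from the thread):
#   $ConnectionName - name of the existing Windows VPN profile for the vMX
#   $VpcPrefixes    - CIDR block(s) of the AWS VPC reachable behind the vMX
$ConnectionName = 'Meraki vMX'
$VpcPrefixes    = @('10.0.0.0/16')

# Fail early if the profile does not exist.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
Write-Host "Split tunneling before change: $($vpn.SplitTunneling)"

# Stop using the VPN as the default gateway (full tunnel -> split tunnel).
Set-VpnConnection -Name $ConnectionName -SplitTunneling $true -ErrorAction Stop

# Send only the VPC prefixes through the tunnel; skip routes already present.
foreach ($prefix in $VpcPrefixes) {
    $routes = (Get-VpnConnection -Name $ConnectionName).Routes
    if ($routes | Where-Object { $_.DestinationPrefix -eq $prefix }) {
        Write-Host "Route $prefix already attached to '$ConnectionName'"
    } else {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName `
            -DestinationPrefix $prefix -ErrorAction Stop
        Write-Host "Added route $prefix to '$ConnectionName'"
    }
}

# Check 1: the profile now reports split tunneling and lists the VPC routes.
$vpn = Get-VpnConnection -Name $ConnectionName
if (-not $vpn.SplitTunneling) { throw 'Split tunneling is still disabled.' }
$vpn.Routes | Select-Object DestinationPrefix | Format-Table

# Check 2 (run after connecting): the default route should sit on the local
# adapter only, so Internet traffic no longer enters the tunnel.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Sort-Object RouteMetric |
    Select-Object InterfaceAlias, NextHop, RouteMetric |
    Format-Table
```

With this in place, Internet-bound traffic leaves through the client's local gateway, so it is neither filtered nor logged by the vMX and does not carry the vMX's public IP.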

AlexanderDrago
Getting noticed

I understand that split tunnel does not send all traffic to the tunnel; it only gives you access to a network resource, but your external IP will not be from the vMX.
