Client VPN not able to access local LAN

BeninChurchil
Here to help

Hi Experts,

I'm fairly new to Meraki products. I configured Client VPN on an MX67 Security Appliance; the VPN is working, but I'm not able to access the local LAN. Attached are pictures of both the Client VPN and Firewall pages below. Please point out what I'm doing wrong here.

Local LAN Subnet: 192.168.1.0/24

Client VPN Subnet: 192.168.10.0/24

[Screenshots attached: Client VPN page and Firewall page]

KarstenI
Kind of a big deal

How did you test it to come to the conclusion that it doesn't work? Often enough it is the local firewall on the destination device that drops the traffic.

You can capture on the LAN side of the MX and look if you see the client originated traffic.

JonathanSwitch
Meraki Employee

I see that you have the DNS server setting set to use Google Public DNS. If you're attempting to reach internal resources via hostname, this will fail and you'll need to enter your internal DNS server.

Are you able to ping internal devices on the Local LAN via IP address?

I tried setting up the domain as DNS in the Client VPN; still not working. I can't ping my domain either.

Moreover, I found out I don't have a default gateway for the VPN. Why?

[Screenshot attached]

Are you attempting or planning to configure split tunneling on your end client?

Can you verify if you have the "use default gateway on remote network" checked or unchecked? See this KB on how to find the setting on the adapter if needed: https://documentation.meraki.com/MX/Client_VPN/Configuring_Split_Tunnel_Client_VPN

If you're using MacOS, see the other option on that page, and let me know.

I'm running on Windows 11 Pro

[Screenshot attached]

It seems it is checked by default.
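The "use default gateway on remote network" checkbox JonathanSwitch refers to maps to the SplitTunneling property of the built-in Windows VPN connection (checked means SplitTunneling is False, i.e. full tunnel). The following PowerShell is an added example, not code from the thread or from Meraki: run on the Windows 11 client, it reads that property, adds a route for the LAN subnet only when split tunneling is on, and then verifies the route table and layer-3 reachability. The connection name Meraki-VPN and the MX LAN address 192.168.1.1 are assumptions; the two subnets are the ones given in the original post.

```powershell
# Added example (not from the thread). Inspect the Windows 11 built-in VPN connection
# and show whether the local LAN is routed through the tunnel.
# "Use default gateway on remote network" checked  ==  SplitTunneling -eq $false (full tunnel)
# Assumption: the VPN connection is named "Meraki-VPN"; change it to match yours.
$ConnectionName = 'Meraki-VPN'
$LanSubnet      = '192.168.1.0/24'   # local LAN behind the MX (from the post)
$MxLanIp        = '192.168.1.1'      # assumed LAN IP of the MX67; adjust to yours

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop
'{0}: SplitTunneling = {1} (False means all traffic goes through the tunnel)' -f $vpn.Name, $vpn.SplitTunneling

if (-not $vpn.SplitTunneling) {
    Write-Host "Full tunnel: $LanSubnet is reachable via the tunnel without any extra route."
}
else {
    # Split tunnel: Windows only routes the VPN pool itself through the adapter,
    # so every on-premises prefix must be added explicitly to the connection.
    if (-not ($vpn.Routes.DestinationPrefix -contains $LanSubnet)) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $LanSubnet -PassThru
    }
}

# With the tunnel up, confirm the kernel route table actually sends the LAN prefix
# out of the VPN interface (InterfaceAlias should be the VPN connection, not your Wi-Fi/Ethernet).
Get-NetRoute -DestinationPrefix $LanSubnet -ErrorAction SilentlyContinue |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric

# Layer-3 check against the MX itself (as PhilipDAth suggests). If this succeeds but a server
# on the same subnet does not answer, routing is fine and the server's own firewall is the suspect.
Test-NetConnection -ComputerName $MxLanIp -InformationLevel Detailed
```

If the route shows up on the VPN interface and the MX answers, the tunnel and routing are not the problem and the investigation moves to the destination host, which is where the rest of this thread ends up.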

BeninChurchil
Here to help

Should I create a static route from the VPN subnet to the local subnet?

This is not needed. If you go to Network-Wide -> Packet Capture and take a packet capture on your MX's "LAN" interface, you'll notice that traffic from your client is traversing the VPN tunnel and being sent out on the LAN toward your DNS server, however, the DNS server is not responding. It is likely the firewall on the server that is dropping the traffic, but you'll need to investigate further as to why.

PhilipDAth
Kind of a big deal

Can you ping the LAN IP of the MX?

You'll only be able to access internal servers via IP and not name using this configuration.

Also internal servers may need a Windows Firewall rule created to allow remote access from client VPN users.

Also, this configuration won't work if the subnet that the servers are on happens to be the same as the subnet that the users are connecting from at home.

alemabrahao
Kind of a big deal

Have you enabled the VPN client subnet on SD-WAN?


Security & SD-WAN > Configure > Site-to-site VPN 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

[Screenshot attached: Site-to-site VPN page]

BeninChurchil
Here to help

Hi All,

You guys were right. It is the domain controller that is not able to connect, because other devices like switches, the gateway and access points were pingable and accessible over HTTPS. But my domain controller, which is Windows Server 2022 Standard, is not pinging, the SMB UNC path is not accessible, and RDP is not working either. Not sure if this is blocked by the server or the firewall?

I am most certain it is the server's OS firewall. I believe most Windows Servers block remote subnets by default for public profiles. You'll want to check the rules for the Windows Firewall on the server and adjust accordingly.

Yes, I will dig into the Windows Firewall and then come back and post once I find out.
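The host-firewall check the last few replies converge on can be done from an elevated PowerShell on the Windows Server 2022 domain controller. This is an added example, not code from the thread, from Meraki or from Microsoft documentation: it shows which network profile the DC's NIC landed in, lists the inbound rules for the three services that fail (ICMP echo, SMB on 445, RDP on 3389) together with their RemoteAddress scope, and adds allow rules scoped to the Client VPN pool only rather than to Any. The rule display names prefixed "Client VPN -" are this example's own naming; the subnets come from the original post. The security point is the scoping: some built-in inbound rules (for example File and Printer Sharing on the Private and Public profiles) are limited to LocalSubnet, which correctly-routed traffic from 192.168.10.0/24 does not match, and the fix is a rule for that pool, not disabling the firewall or opening the service to every address.

```powershell
# Added example (not from the thread). Run as Administrator on the Windows Server 2022 DC.
$VpnSubnet = '192.168.10.0/24'   # Meraki Client VPN pool (from the post)

# 1. Which firewall profile is active on the DC's NIC? A DC normally shows DomainAuthenticated;
#    Private or Public means the more restrictive built-in rule scopes are in force.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Show the enabled inbound rules for the failing services and their RemoteAddress scope.
#    "LocalSubnet" excludes a routed VPN pool even though the packets arrive correctly.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $_.DisplayName -match 'Remote Desktop|File and Printer Sharing|ICMPv4' } |
    ForEach-Object {
        $scope = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Action        = $_.Action
            RemoteAddress = ($scope.RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize

# 3. Add allow rules scoped to the VPN pool only. Names are this example's own convention.
$rules = @(
    @{ Name = 'Client VPN - ICMPv4 Echo Request'; Protocol = 'ICMPv4'; IcmpType = 8;     Port = $null },
    @{ Name = 'Client VPN - SMB 445';             Protocol = 'TCP';    IcmpType = $null; Port = 445   },
    @{ Name = 'Client VPN - RDP 3389';            Protocol = 'TCP';    IcmpType = $null; Port = 3389  }
)
foreach ($r in $rules) {
    # Idempotent: skip rules that already exist so re-running the script does not duplicate them.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) { continue }

    $common = @{
        DisplayName   = $r.Name
        Direction     = 'Inbound'
        Action        = 'Allow'
        Profile       = 'Any'          # matches whichever profile the NIC was classified into
        RemoteAddress = $VpnSubnet     # the VPN pool only, never 'Any'
        Protocol      = $r.Protocol
    }
    if ($r.Protocol -eq 'ICMPv4') {
        New-NetFirewallRule @common -IcmpType $r.IcmpType | Out-Null
    }
    else {
        New-NetFirewallRule @common -LocalPort $r.Port | Out-Null
    }
}

# 4. Verify from the server side: log dropped packets and look for anything still dropped
#    from the VPN pool while the client retries ping, \\server\share and RDP.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 50 |
    Where-Object { $_ -match 'DROP' -and $_ -match '192\.168\.10\.' }
```

Step 2 is the diagnostic that confirms the diagnosis given above before anything is changed; steps 3 and 4 make the change and then prove it from the server's own drop log, which is the complement of the Meraki-side packet capture suggested earlier in the thread.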
