Access local VLANs from ClientVPN

SOLVED
Diniguez
Here to help

Access local VLANs from ClientVPN

Hi,

 

We have an MX connected to a MS and then, to an ISR.

MX <--> MS <--> ISR

 

The ISR is our Voice Gateway, which is VLAN 30 (IP = 10.10.30.1), and it has a Management interface which stands in VLAN 10 (IP = 10.10.10.1).

In order to access our voice vlan from the ClientVPN, I added a static route in the ISR with:

 

ip route 192.168.102.0 255.255.255.0 10.10.30.254

 

where 192.168.102.0 is our ClientVPN subnet and 10.10.30.254 is the MX IP for VLAN 30.

Everything good so far, but if I try to access the ISR's management interface I get this error in the MX log:

Diniguez_1-1614618349398.png

 

The only way that I achieved to make it work, is adding a second static route like this:

 

ip route 192.168.102.0 255.255.255.0 10.10.10.254

 

where 10.10.10.254 is the MX IP.

 

My question is, how can I reach both subnets without adding two static routes?

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

If you only need to get to the management interface on the ISR, only add the second default route.

ip route 192.168.102.0 255.255.255.0 10.10.10.254

 

You would make this much simpler if the ISR used a single interface, or you only attached the MX to one of the interfaces connected to the ISR.

View solution in original post

4 REPLIES 4
PhilipDAth
Kind of a big deal
Kind of a big deal

If you only need to get to the management interface on the ISR, only add the second default route.

ip route 192.168.102.0 255.255.255.0 10.10.10.254

 

You would make this much simpler if the ISR used a single interface, or you only attached the MX to one of the interfaces connected to the ISR.

So is not possible to have a single static route in the ISR and make it work for both VLANs?

DensyoV
Meraki Employee
Meraki Employee

Hi,

 

The connectivity between the MS and the ISR, can you make it an access port on VLAN 10? The alert detects the MAC address is sending using VLAN 30 IP 10.10.10.1 but from MX's perspective, this should be VLAN 10 network. 

 

Thanks,

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.

But I have some computers attached to phones, so I guess the link between the MS and ISR should be trunk, isn't it?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels