Auto VPN

SOLVED
Ubaidkhan
Here to help

Auto VPN

Hi All,

I am creating auto VPN between to MX appliances as VPN established but it disable internet traffic. When VPN disable/off internet traffic is enable and devices can access VPN. please guide.

1 ACCEPTED SOLUTION
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Ubaidkhan , can you provide a bit more info on your setup?  What is the purpose of the auto-vpn? What resources are your users trying to access either side of the vpn? Are you placing all VLANs in the vpn? When you enable the vpn what traffic are you seeing on your wireshark traces (LAN and Internet)?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

View solution in original post

11 REPLIES 11
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Ubaidkhan , can you provide a bit more info on your setup?  What is the purpose of the auto-vpn? What resources are your users trying to access either side of the vpn? Are you placing all VLANs in the vpn? When you enable the vpn what traffic are you seeing on your wireshark traces (LAN and Internet)?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

Hi @DarrenOC i have two MX devices in two different countries. one in pak and other is in dubai My concern is to connect these two devices through auto VPN to access ERP application from pakistan. and internet also work on client machine through which i am access ERP. 

 

Auto VPN is established and user can access ERP but he is not accessing to internet. 

i hope u get my point and if not let me know 

thanks 

DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Ubaidkhan , is there an upstream firewall in Dubai? This is probably not aware of your IP subnets in Pakistan and is also probably blocking the internet traffic from that site.  Do you have access to that firewall to investigate?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Ubaidkhan
Here to help

no there is no other firewall in Dubai. just there is MX firewall through we are managing over network in Dubai

DarrenOC
Kind of a big deal
Kind of a big deal

Any chance you could provide a rough network diagram incl the subnets in question?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

@DarrenOC thanks for responses. Issue resolved. 

DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Ubaidkhan , what did you do to resolve?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

As client is obtaining IP from DHCP server and obtaining an IP address from reserve IPs and I restart services of DHCP server and after that is obtain IP address from range which are allowed.

 

After that i have configure auto VPN Hub to Hub and then user can access internet.

These two things i have done. 

DarrenOC
Kind of a big deal
Kind of a big deal

So you had an IP conflict? But then surely the ERP traffic would have failed as well?

 

Glad to hear the issue is resolved.

 

See you in 2022

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

no i don't think that it is an IP confliction as there is only one device is connected with MX.  yes if it is IP conflict then ERP traffic also failed but ERP is accessible. as device is not in production environment just doing testing to take this device in production. 

 

According to my understanding, it is an DHCP error when i restart the services and release ip address from client machine issue is resolved. 

 

before this i have just reconfigure VPN. thanks for you support buddy. god bless you 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels