Basic VPN routing question, please - urgent

marky_uk

Hi there

 

I have at work: Virgin Media Hitron modem/router -> MX64 -> MR32

 

I want to set up the VPN for all my staff -

  1. I want their normal web traffic to go direct to web - I don't want Spotify, etc, coming via work!  (So I just disable "use default gateway ..." on their VPN connection, cool)
  2. I want all my staff who are working remotely to be able to access file shares on an internal server. - STUCK
  3. I want ports 21, 22, 3022 to go via the VPN every time from the client PC. - STUCK

 

I've got the VPN up and running but stuck on points 2 and 3.  Can someone help, please?

 

Main LAN is subnet 172.31.1.0/24.   MX IP is 172.31.1.254.  Using Google DNS.

Client VPN is subnet 172.31.10.0/24.  Using Google DNS.

 

Server IP is 172.31.1.33.  Subnet mask 255.255.255.0.  Default gateway 172.31.1.254.

 

When I connect to VPN from home, I am given IP 172.31.10.181.  Subnet mask 255.255.255.255.  No default gateway.

 

When I ping 172.31.1.33 from home, I'm getting Request timed out.  I'm assuming once I can ping and have routing sorted, I'll then be able to map via IP.

 

And then also to sort item 3.

 

Thanks for any help in advance.  I may sound like I know what I'm doing, but I don't too much, so any simple help would be appreciated.

 

Mark

PhilipDAth

Check out @Nash VPN scripts for split tunnelling.

https://github.com/gammacapricorni/happy-meraki-client-vpn 

 

You can do any kind of routing via ports with the Windows client VPN.  Windows doesn't support that.

Uberseehandel

 

@marky_uk 

Have you considered using a Cloud based file store for files you wish to share and synchronise? We have been using OneDrive, it comes with the Office365 subscription for some time and we find it most effective, and resilient. In fact we have been using Cloud-based software and services for decades, all around the world. It is extremely cost effective, and flexible, particularly when staff are on the road.

Encryption is not an issue - https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide 

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
SongCloud

For issue #2 -  Run Wireshark on the server to see if the ICMP packets are even making it there.  If it is a Windows server, it is possible that the firewall is blocking something.  Check routing table on the remote client machine to ensure that the proper route is added with a lower metric for the internal network. 

 

For #3, I do not believe there is a way to configure port based routing via the VPN client.  The traffic will take the chosen path based solely on the routing table. 

 

HTH, but let me know if you need more clarification on anything.  Thanks!
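
The routing-table check suggested in the reply above, together with the destination-based route that a split-tunnel client needs, as an added example that is not part of any post in this thread. It assumes a Windows client and a VPN connection named "Work VPN" (a hypothetical name); the subnet and server address are the ones given in the original post.

```powershell
# Added example, not from the thread. Run on the remote Windows client.
$VpnName   = 'Work VPN'        # hypothetical connection name (assumption)
$LanPrefix = '172.31.1.0/24'   # main LAN subnet from the original post
$Server    = '172.31.1.33'     # file server from the original post

# 1. Confirm split tunnelling is on (same as unticking
#    "Use default gateway on remote network" in the adapter settings).
#    Add -AllUserConnection if the connection was created for all users.
$vpn = Get-VpnConnection -Name $VpnName
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $VpnName -SplitTunneling $true
}

# 2. The client gets a /32 address and no default gateway on the VPN, so
#    without an explicit route 172.31.1.0/24 leaves via the home router.
#    Attach the office LAN prefix to the VPN connection; Windows installs
#    the route whenever the connection comes up.
if ($vpn.Routes.DestinationPrefix -notcontains $LanPrefix) {
    Add-VpnConnectionRoute -ConnectionName $VpnName `
        -DestinationPrefix $LanPrefix -PassThru
}

# 3. Reconnect the VPN, then ask the IP stack which source address and
#    route it would select for the server. The interface shown should be
#    the VPN adapter, not the home Wi-Fi/Ethernet adapter.
Find-NetRoute -RemoteIPAddress $Server

# 4. List competing routes for the prefix; the lowest metric wins when
#    prefix lengths are equal.
Get-NetRoute -DestinationPrefix $LanPrefix -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric |
    Format-Table InterfaceAlias, DestinationPrefix, NextHop, RouteMetric

# 5. Test reachability. ICMP may be dropped by the server's host firewall
#    even when routing is correct, so also test SMB (TCP 445), which is
#    what mapping a file share actually uses.
Test-NetConnection -ComputerName $Server |
    Select-Object InterfaceAlias, SourceAddress, PingSucceeded
Test-NetConnection -ComputerName $Server -Port 445 |
    Select-Object InterfaceAlias, SourceAddress, TcpTestSucceeded
```

The route lookup in steps 3 and 4 takes only a destination address, so any port (21, 22, 3022 or otherwise) follows the VPN only when its destination falls inside a prefix routed to the VPN interface.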
