CLIENT VPN MX84

Joselo
Just browsing


Good Day

 

Can anyone help me please ... I configured a client VPN on a Meraki MX84. I connect to the VPN with no problem, but I can't access the office internal LAN. Did I miss something else to configure?

Nash
Kind of a big deal

What's your home subnet vs. the subnet at the office? I.E. is your house 192.168.1.0/24 and is the office the same?

 

Do you have ACLs in your network that need to have the VPN subnet added to them?

Joselo
Just browsing

This is my home subnet: 192.168.1.0/24. My office subnets are many, for example 192.168.11.0/24
192.168.10.0
192.168.8.0
... etc...

 

I don't have ACLs, but the Meraki is connected to a Juniper switch; the Juniper switch works like a core.

PhilipDAth
Kind of a big deal

Can you ping devices on the office LAN by IP address?

 

If you are trying to access devices by name, have you got something to do name resolution, like an Active Directory server? If you have, can you ping the Active Directory server by IP address? Can you ping it by name?

 

Also note Windows firewall often blocks ping.  So you can get cases where you can't ping a host but you can RDP to it.

I cannot ping by name or by address to any subnet or domain controller

PhilipDAth
Kind of a big deal

What OS are you using for the client VPN?

On Mac and Windows

PhilipDAth
Kind of a big deal

Are the machines you are trying to access in the office using the MX as their default gateway, or is there something else doing layer 3 routing?

Each subnet has its own gateway, but all of them point to the Meraki gateway, for example:
IP ADDRESS: 192.168.13.0/24
GATEWAY: 192.168.13.35
MERAKI NEXT HOP IP GATEWAY: 192.168.200.1

BrechtSchamp
Kind of a big deal

I'd tackle the problem in phases.

 

Start simple. My first step after establishing the tunnel would be to ping the IP-address of your MX. I'd also try to make sure that it actually is the MX responding by accessing the local web page.

 

Once that works, work your way from there. Try pinging the Juniper. If it's not working, set up port mirroring and a packet capture on the interface of the Juniper and have a look at what's going on. If nothing arrives, then there's something wrong with the routing on your MX. If something arrives, but no response is sent, something is wrong in the Juniper.

 

Then move to a device in one of the subnets of the Juniper and repeat the process.

 

Things to keep in mind:

  • Software firewalls on devices are often configured not to respond to pings originating from outside their own subnet; make sure you change those settings.
  • Make sure your routing is always correct in both directions.
  • Beware of duplicate subnets.
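
The two checks raised in the replies above (duplicate subnets, routing correct in both directions), as an added Python example that is not part of any post in this thread. The /24 masks where the thread omits them, the VPN client pool, the MX address on the transit link and the core route table are constructed assumptions; substitute the real values from the MX and the Juniper.

```python
import ipaddress as ip

def overlaps(client_side, office_subnets):
    """Pairs (client_net, office_net) whose address ranges collide."""
    return [(c, o) for c in client_side for o in office_subnets if c.overlaps(o)]

def next_hop(dest, routes):
    """Longest-prefix match: next hop the core would pick for dest, or None."""
    best = None
    for net, hop in routes:
        if dest.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def diagnose(home, vpn_pool, office, core_routes, mx):
    """List reasons why a connected VPN client may not reach the office LAN."""
    findings = []
    for c, o in overlaps([home, vpn_pool], office):
        findings.append(f"overlap: {c} collides with office subnet {o}")
    hop = next_hop(vpn_pool, core_routes)
    if hop is None:
        findings.append(f"no return route on core for {vpn_pool}")
    elif hop != mx:
        findings.append(f"return route for {vpn_pool} points to {hop}, not MX {mx}")
    return findings

# Home and office subnets are the ones quoted in the thread (/24 assumed
# where no mask was given).
HOME = ip.ip_network("192.168.1.0/24")
OFFICE = [ip.ip_network(n) for n in (
    "192.168.8.0/24", "192.168.10.0/24", "192.168.11.0/24", "192.168.13.0/24")]

# Constructed values: the thread states neither the client VPN pool, the
# MX's own transit address, nor the Juniper's route table.
VPN_POOL = ip.ip_network("192.168.100.0/24")
MX = ip.ip_address("192.168.200.254")
CORE_ROUTES = [
    (ip.ip_network("0.0.0.0/0"), MX),                                # default via MX
    (ip.ip_network("192.168.100.0/22"), ip.ip_address("192.168.13.35")),  # stale, more specific
]

if __name__ == "__main__":
    for finding in diagnose(HOME, VPN_POOL, OFFICE, CORE_ROUTES, MX):
        print(finding)
```

With the constructed table, the more specific /22 wins over the default route, so replies to VPN clients never reach the MX even though the tunnel itself is up.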