Can't access local vlans over vpn

joshxx
New here

Can't access local vlans over vpn

Good day i currently have an ip adress on my vpn subnet that is 192.168.88.0/24.

 

Im trying to connect to other devices on the vlan 192.168.78.0/24 but i can't , the meraki mx has an ip from this address (78) , but i can only access the internet and not devices on the network 78 over the vpn network 88.

 

i have this on the firewall settings but no success at all

 Captura.JPG

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

Before I go any further, the number #1 problem is Windows firewall.

 

Are you trying to access a Windows machine, and does it have Windows firewall enabled?  If so can you try disabling Windows firewall on the destination machine (the machine you are trying to access) and repeat the test.

 

If it still doesn't work, can you ping the IP address of the MX in that VLAN (192.168.78.0/24)?

DHAnderson
Head in the Cloud

You could download Advanced IP Scanner (https://www.advanced-ip-scanner.com/), then run it on a PC connected to the VPN.  You would set the range to scan as  192.168.78.0/24.  It will then scan that network and you should see all the machines on that subnet.

 

 

Dave Anderson
SopheakMang
Building a reputation

VPN rule by default is allow all , so i would like to recommend to ping from the VPN HUB to those subnet , make sure can reachable , verify flow of routing.
WWWolf
Here to help

Can you ping the devices across subnets? Try both IP & hostname - If you can ping IP but not name, check DNS settings.  Be sure your internal DNS servers are listed under Security & SD-WAN > Client VPN under Custom nameservers.

 

If both fail, make sure you have the routes properly configured.  Are your VLANs configured under Security & SD-WAN > Addressing & VLANs?

 

You can also look under Security & SD-WAN > Route table to see what routes are available to your VPN users.  If the necessary routes aren't there, there will be communication problems.  If using a separate router to traverse VLANs, there either has to be a route on the MX to that router or the routes also need to be in the MX configuration.

JamesFlorance
Here to help

Do you have both the source and destination subnets participating in the VPN? See below.

 

JamesFlorance_0-1586378513320.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels