Client VPN: MX64: how to allow access to LAN?

Solved
ValleyITPC
Getting noticed


Mega-frustrated with this appliance at the moment.  I have successfully set up the client VPN, and am able to connect to it from a Windows 10 machine outside the network.  I do ipconfig on said machine and because I have an Ethernet controller and now this VPN connection item, I've got my two IP addresses:  my own internal LAN IP for my local network here at my own office, and then I've got the IP belonging to my VPN connection (FYI, it is 192.168.55.136, mask is /32, and default gate is 0.0.0.0 - is this normal as it is what happened by default?).

 

Dashboard shows my VPN-ed in client so that's all good.  

 

However, I have no ability to do anything ON the network at the remote office, nor do I really know how to test this.  My frustration comes from the fact that it seems nobody addresses this in any article or YouTube video, yet it would obviously be the #1 thing every single person setting this stuff up would want to know about.  Very annoying! 

 

So all I know so far is that by having all default firewall rules, there's nothing blocking anything there, per Meraki docs just having the Client VPN set up, the MX will allow inter-LAN traffic.  

 

I should note that via Addressing & VLANs, I do not have the Use VLANs checkmark checked.  This is default for the MX64/65 units I work with so I assume I don't have to create VLANs to make all this work?  

 

So if I'm on the network, how can I figure out whether I have access to anything?  I can't ping any workstations at all, I can't browse the network to look for file shares or anything.  I might as well just not be connected.  I CAN ping the default gateway IP of the LAN belonging to the subnet I'd like to be accessing, so for me I'm on 192.168.55.136/32 and the actual LAN I want to be accessing resources on is 192.168.2.0/24 so I can ping 192.168.2.1 but nothing beyond that.  

 

Thanks all.  

 

 

1 Accepted Solution
PhilipDAth
Kind of a big deal

The first question that comes to mind is what do you actually want to achieve?  What are you trying to access?

 

> I can't ping any workstations at all,

 

Most likely, Windows Firewall on those machines is blocking ping.

 

> I can't browse the network to look for file shares or anything

 

Are you running active directory?  Can you browse directly to a file share?

ValleyITPC
Getting noticed

Well I am sad to say, I'm a dummy.  

I had thought the firewall was allowing ping on the client machines, turns out it wasn't, and sure enough disabling it fixed that (3rd party endpoint security but still).  

 

I was able to reach a network share via the UNC pathing but only via IP address.  Now, since I haven't seen a real WINS server since um, Win 2000 days I can't even remember, should I have enabled that somehow in those client VPN settings, or, is there some other way to get NetBIOS name resolution working without having any servers?  These are all Win 10 client PC networks, no servers, no AD at all.  


And as always, never post in frustration lol, I missed the most basic thing and overlooked the simplest troubleshooting due to that.

 

Thank you btw, for the proper prodding I needed.  

PhilipDAth
Kind of a big deal

If there are no AD servers available to map client names to addresses your options are limited.

 

I'd probably create a local hosts file on the remote machines to do the mappings, and fix the IP address of those machines being accessed.
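One way to apply the hosts-file suggestion from the VPN client, as an added example that is not part of the original thread: it tests TCP 445 rather than ping, because an endpoint firewall can drop ICMP while the share is still reachable, and it appends a hosts entry only for names not already mapped. The host names and addresses in `$Targets` are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: map peer names to their fixed IPs in the local hosts file,
# but only for peers that actually answer on SMB (TCP 445) across the VPN.

# Constructed placeholders: replace with your own names and reserved addresses.
$Targets = [ordered]@{
    'frontdesk-pc' = '192.168.2.10'
    'office-pc'    = '192.168.2.11'
}
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsName {
    # Return every host name already mapped, ignoring comments and blank lines.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $body = ($line -split '#', 2)[0].Trim()
        if ($body) { $body -split '\s+' | Select-Object -Skip 1 }
    }
}

$existing = @(Get-HostsName -Lines (Get-Content -LiteralPath $HostsPath))

# Add-Content appends at end of file, so make sure the last line is terminated.
$raw = Get-Content -LiteralPath $HostsPath -Raw
if ($raw -and -not $raw.EndsWith("`n")) {
    Add-Content -LiteralPath $HostsPath -Value ''
}

foreach ($name in $Targets.Keys) {
    $ip = $Targets[$name]

    # ICMP may be blocked on the peer, so probe the file-sharing port instead.
    $smb = Test-NetConnection -ComputerName $ip -Port 445 -WarningAction SilentlyContinue
    if (-not $smb.TcpTestSucceeded) {
        Write-Warning "$name ($ip): TCP 445 not reachable over the VPN, entry not added"
        continue
    }

    # -contains is case-insensitive, which matches how host names are compared.
    if ($existing -contains $name) {
        Write-Host "$name is already mapped in the hosts file, left unchanged"
        continue
    }

    Add-Content -LiteralPath $HostsPath -Value "$ip`t$name"
    Write-Host "$name -> $ip added; try \\$name\ in Explorer"
}
```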

ValleyITPC
Getting noticed

hosts file.  That's another one that's been a long time for me lol, but yes that makes sense.  Well I have DHCP reservations already set up on the MX so I'm probably ok to go by IP address I think but if I have need, at least the reminder of the hosts file will apply.  Thanks very much for that too.  
