Client VPN can't reach configured static routes

framosCTLink
Here to help

Hi,

Can someone assist me with the settings needed for clients using Client VPN? They cannot reach any host configured under static routes. Below are the things/settings I've done to give you a whole grasp of the picture.

 

 

Client VPN subnet (172.x.x.x)

MX Subnet 192.x.x.246

 

3rd party router (directly connected to MX84 Switch port)

192.x.x.1

192.x.x.254

 

For LAN, all configured static routes are accessible, but when connecting to Client VPN, ping and connectivity are impossible. I've performed static route but traffic stopped to Meraki


Layer 3 firewall rules, I've allowed 172.x.x.x going to 192.x.x.x

On the 3rd party router, I created a static route going to 172.x.x.x with next hop 192.x.x.246 (Meraki MX)

 

 

 

Is there anything I've missed here? 

Franco Ramos
3 Replies
Johnfnadez
Building a reputation

Try to configure a point-to-point /30 subnet, for example 192.168.100.0/30, between the 3rd party router and try to ping the MX side and the 3rd party side.

Then reconfigure the static route.

Something to take into account: have you checked the static routes on the other router? It could be that the packet is arriving but it doesn't know how to reply to the message.

So try to configure a static route to the VPN client subnet on the 3rd party router.

 

Regards,

 

 

 

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA
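
The return-path point raised in the reply above, as an added example that is not part of the original thread: a longest-prefix-match trace over two routing tables, showing the request reaching the host while the reply leaves by the third-party router's default route until a static route to the VPN subnet exists. All addresses, the device names `mx`, `router` and `upstream`, and the default route are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None when no route exists."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(routers, start, dst, max_hops=8):
    """Follow next hops from `start`; True once dst is on a connected network."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(routers.get(node, {}), dst)
        if hop == "connected":
            return path, True
        if hop is None:
            return path, False          # dropped: no route at this device
        node = hop
        path.append(node)
    return path, False                  # routing loop

def build_tables(return_route):
    """Constructed addressing: 172.16.50.0/24 = Client VPN, 192.168.10.0/24 = MX LAN,
    10.20.0.0/16 = network behind the third-party router."""
    router = {"192.168.10.0/24": "connected", "10.20.0.0/16": "connected",
              "0.0.0.0/0": "upstream"}
    if return_route:
        router["172.16.50.0/24"] = "mx"  # static route back to the VPN subnet
    mx = {"172.16.50.0/24": "connected", "192.168.10.0/24": "connected",
          "10.20.0.0/16": "router"}
    return {"mx": mx, "router": router}

def round_trip(routers, client, host):
    """Trace the request (MX -> host) and the reply (last forward hop -> client)."""
    fwd_path, fwd_ok = trace(routers, "mx", host)
    rev_path, rev_ok = trace(routers, fwd_path[-1], client)
    return {"forward": (fwd_path, fwd_ok), "reply": (rev_path, rev_ok)}

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, round_trip(build_tables(fixed), "172.16.50.10", "10.20.1.5"))
```
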
andy0609
Conversationalist

Also, do you have any rules in your firewall to allow this traffic?

framosCTLink
Here to help

Hi @andy0609 ,

 

I don't have any rules for this.

I tried creating one with my Client VPN segment as the source and the next hop IP as the destination, but I think it didn't work, so I've removed it.

 

 

Franco Ramos