Client VPN don´t ping any local IP

SOLVED
Vincent
Here to help

Client VPN don´t ping any local IP

Hello,

 

The VPN client connects and authenticates against the active Directory correctly, but then is unable to access any IP of the local network (or the local IP of the MX64).

 

The local network has the range 192.168.1.0 / 24 and the VPN network is in the range 192.168.6.0/24

 

In the VPN client, I do not observe any route to the 192.168.1.0 network and the packages exit through the gateway to the Internet (logical that they do not arrive).

 

Any idea?

 

Regards

1 ACCEPTED SOLUTION
Nick
Head in the Cloud

Excellent news!

If you can tick the solution complete that will help others find the thread if they have issues 👍🏻

View solution in original post

18 REPLIES 18
Mr_IT_Guy
A model citizen

Good morning @Vincent ,

First question I have to ask, under Security & SD-WAN>Configure>Site-to-site VPN, you should see a list of your local networks attacked to the MX64. On your Client VPN, do you have YES selected under the Use VPN column?

Found this helpful? Give me some Kudos! (click on the little up-arrow below)

Hello @Mr_IT_Guy 

 

Site to site is Off. The list of LAN attached are seen under Addressing and VLANS. The VPN is client to VPN server.

 

Regards

 

 

Nick
Head in the Cloud

Hi Vincent,

 

What os is the client? 

 

If you are using macOS you must ensure you tunnel all traffic through the VPN for it to work correctly. Under advanced as per this screenshot 🙂 

 

 

Screenshot 2019-04-11 at 15.59.45.png

 

Do you have any firewall rules in place?

 

 

BrechtSchamp
Kind of a big deal

Probably not as you said the traffic is passing to the gateway, but I want to make sure anyway. The host network the client is in isn't 192.168.1.0/24 too, is it? As that could cause problems when trying to reach devices in that network.

 

192.168.1.0/24 is probably the most used subnet in the world so sooner or later this would cause issues.

Nick
Head in the Cloud

Ah I misread that as meaning something else.

I would agree that a change of subnet would be ideal if you can

Hi Nick

Client is Windows 10 and I probe with the 2 options and the result was the same

I have a rule that allows all traffic from the VPN network 192.168.6.0 to the internal network 192.168.1.0

The range of the client IP is 192.168.4.0

Thanks
Nick
Head in the Cloud

Its not the Windows firewall getting in the way is it?

Hi Nick

 

Under Addressing & VLAN I have

subnet.PNG

 

Under Client VPN ...

client vpn.PNG

Under Firewall ..

Firewall.PNG

 

 

At the client PC once connected ..

 

ipconfig.PNG

 

route.PNG

 

 

I don´t know what IP is 192.0.2.1 and logically as DNS server is of LAN remote  don´t resolve any name.

 

Regards

Boyan
Conversationalist

Hi Vincent,

 

I am wondering if you have found a solution to this problem, as I am experiencing the same issue?

Hello,

 

The requisite is check the option at client VPN configuration of Route all traffic over remote network and that remote machines have the gateway the MX.

Regards

ROCO
Here to help

This fixed my issue. Thank you Nick!

Nick
Head in the Cloud

Excellent news!

If you can tick the solution complete that will help others find the thread if they have issues 👍🏻

This worked for me.

 

macabi62
Comes here often

i have the same problem, help me please

Nick
Head in the Cloud

It might be best to make a new thread (feel free to link it here) with your specific issue and problems so we can see if we can help

macabi62
Comes here often

I solved the  problem with the steps that you shared here, thank you.

Nick
Head in the Cloud

Great - glad it helped!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels