Meraki

Community

Client VPN don´t ping any local IP

Solved
Vincent
Here to help
‎Apr 11 2019 4:08 AM
‎Apr 11 2019 4:08 AM

Client VPN don´t ping any local IP

Hello,

 

The VPN client connects and authenticates against the active Directory correctly, but then is unable to access any IP of the local network (or the local IP of the MX64).

 

The local network has the range 192.168.1.0 / 24 and the VPN network is in the range 192.168.6.0/24

 

In the VPN client, I do not observe any route to the 192.168.1.0 network and the packages exit through the gateway to the Internet (logical that they do not arrive).

 

Any idea?

 

Regards

1 Accepted Solution
In response to ROCO
Nick
Head in the Cloud
‎Mar 11 2020 2:21 AM
‎Mar 11 2020 2:21 AM

Excellent news!

If you can tick the solution complete that will help others find the thread if they have issues 👍🏻

View solution in original post

18 Replies 18
Mr_IT_Guy
A model citizen
‎Apr 11 2019 4:40 AM
‎Apr 11 2019 4:40 AM

Good morning @Vincent ,

First question I have to ask, under Security & SD-WAN>Configure>Site-to-site VPN, you should see a list of your local networks attacked to the MX64. On your Client VPN, do you have YES selected under the Use VPN column?

Found this helpful? Give me some Kudos! (click on the little up-arrow below)
In response to Mr_IT_Guy
Vincent
Here to help
‎Apr 11 2019 6:12 AM
‎Apr 11 2019 6:12 AM

Hello @Mr_IT_Guy 

 

Site to site is Off. The list of LAN attached are seen under Addressing and VLANS. The VPN is client to VPN server.

 

Regards

 

 

0 Kudos
In response to Vincent
Nick
Head in the Cloud
‎Apr 11 2019 8:00 AM
‎Apr 11 2019 8:00 AM

Hi Vincent,

 

What os is the client? 

 

If you are using macOS you must ensure you tunnel all traffic through the VPN for it to work correctly. Under advanced as per this screenshot 🙂 

 

 

Screenshot 2019-04-11 at 15.59.45.png

 

Do you have any firewall rules in place?

 

 

In response to Nick
BrechtSchamp
Kind of a big deal
‎Apr 11 2019 8:51 AM
‎Apr 11 2019 8:51 AM

Probably not as you said the traffic is passing to the gateway, but I want to make sure anyway. The host network the client is in isn't 192.168.1.0/24 too, is it? As that could cause problems when trying to reach devices in that network.

 

192.168.1.0/24 is probably the most used subnet in the world so sooner or later this would cause issues.

In response to BrechtSchamp
Nick
Head in the Cloud
‎Apr 11 2019 8:56 AM
‎Apr 11 2019 8:56 AM

Ah I misread that as meaning something else.

I would agree that a change of subnet would be ideal if you can
0 Kudos
In response to Nick
Vincent
Here to help
‎Apr 11 2019 11:59 PM
‎Apr 11 2019 11:59 PM

Hi Nick

Client is Windows 10 and I probe with the 2 options and the result was the same
0 Kudos
In response to Nick
Vincent
Here to help
‎Apr 12 2019 12:01 AM
‎Apr 12 2019 12:01 AM

I have a rule that allows all traffic from the VPN network 192.168.6.0 to the internal network 192.168.1.0

The range of the client IP is 192.168.4.0

Thanks
0 Kudos
In response to Vincent
Nick
Head in the Cloud
‎Apr 12 2019 2:54 AM
‎Apr 12 2019 2:54 AM

Its not the Windows firewall getting in the way is it?
0 Kudos
In response to Nick
Vincent
Here to help
‎Apr 12 2019 3:30 AM
‎Apr 12 2019 3:30 AM

Hi Nick

 

Under Addressing & VLAN I have

subnet.PNG

 

Under Client VPN ...

client vpn.PNG

Under Firewall ..

Firewall.PNG

 

 

At the client PC once connected ..

 

ipconfig.PNG

 

route.PNG

 

 

I don´t know what IP is 192.0.2.1 and logically as DNS server is of LAN remote  don´t resolve any name.

 

Regards

In response to Vincent
Boyan
Conversationalist
‎Jun 17 2019 5:42 AM
‎Jun 17 2019 5:42 AM

Hi Vincent,

 

I am wondering if you have found a solution to this problem, as I am experiencing the same issue?

0 Kudos
In response to Boyan
Vincent
Here to help
‎Sep 5 2019 3:25 AM
‎Sep 5 2019 3:25 AM

Hello,

 

The requisite is check the option at client VPN configuration of Route all traffic over remote network and that remote machines have the gateway the MX.

Regards

In response to Nick
ROCO
Here to help
‎Mar 8 2020 4:13 PM
‎Mar 8 2020 4:13 PM

This fixed my issue. Thank you Nick!

In response to ROCO
Nick
Head in the Cloud
‎Mar 11 2020 2:21 AM
‎Mar 11 2020 2:21 AM

Excellent news!

If you can tick the solution complete that will help others find the thread if they have issues 👍🏻
In response to Mr_IT_Guy
IAMTLOG
Conversationalist
‎Jun 23 2023 11:12 AM
‎Jun 23 2023 11:12 AM

This worked for me.

 

macabi62
Comes here often
‎Feb 11 2024 12:49 AM
‎Feb 11 2024 12:49 AM

i have the same problem, help me please

0 Kudos
In response to macabi62
Nick
Head in the Cloud
‎Feb 12 2024 3:52 AM
‎Feb 12 2024 3:52 AM

It might be best to make a new thread (feel free to link it here) with your specific issue and problems so we can see if we can help

0 Kudos
macabi62
Comes here often
‎Feb 12 2024 4:20 AM
‎Feb 12 2024 4:20 AM

I solved the  problem with the steps that you shared here, thank you.

0 Kudos
In response to macabi62
Nick
Head in the Cloud
‎Feb 12 2024 9:26 AM
‎Feb 12 2024 9:26 AM

Great - glad it helped!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.