Client VPN issue with Specific Subnet

Solved
cplatt
Getting noticed

Hello,

I am having an odd issue with a specific subnet over the client VPN. This subnet is in the local subnets, which the Meraki VPN documentation states the client VPN can access automatically. I can access every other subnet but this one. The client VPN subnet is 10.1.2.0/24; the subnet it cannot access is 192.168.10.0/24, which is a voice network. I am trying to set up softphones for some teleworkers and have had zero luck with this. It makes no sense, as I have nothing blocking access to that subnet, and pcaps haven't helped much either. Any ideas?

JamesFlorance
Here to help

Have you added a static route and selected "In VPN"?

cplatt
Getting noticed

Why would you need to do that if it is in the local subnets on the MX? Even trying that, I get "Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet."

JamesFlorance
Here to help

If this was a solution, it would be for the VOIP subnet. If the VOIP is also local then yeah, you probably don't need it. At the headend, have you run a pcap on the internet and client_vpn interfaces?

cplatt
Getting noticed

I have run pcaps on all interfaces.

JamesFlorance
Here to help

If you're not even seeing one-way traffic, our first objective is getting the phone's 'registration' session initiated. Could you give more color as to how this is set up? Type of soft phone, WAN connection type, topology? Otherwise I'd consider opening a ticket. The Meraki team is great.

PhilipDAth
Kind of a big deal

Are you using 192.168.10.0/24 as the local "home" subnet - if so then it won't work.

Has the phone system ever needed to communicate outside of its local subnet before? If not then I bet it has a misconfigured subnet mask or default gateway.

The next most likely solution is the phone system is configured to not allow connections from 192.168.10.0/24.

cplatt
Getting noticed

I fixed it somehow; "send all traffic over the VPN" was not enabled. That subnet now works. Thanks!

jaosndsmsiths
New here

I was into this issue and tried to tinker around to check if it's possible but couldn't get it done. Now that I have seen the way you did it, thanks guys.
With regards

 
