Client VPN issue with Specific Subnet

Getting noticed

Client VPN issue with Specific Subnet



I am having an odd issue with a specific subnet over the client VPN this subnet is in the local subnets, which in the meraki vpn documentation states the client VPN can access those automatically. I can access every other subnet but this one. The client VPN subnet is the subnet it cannot access is which is a voice network, I am trying to setup softphones for some teleworkers and have had zero luck with this. Makes no sense as I have nothing blocking accessing that subnet, pcap's haven't helped much either. Any ideas? 


I fixed it somehow send all traffic over the vpn was not enabled. That subnet now works. Thanks!

View solution in original post

Here to help

Have you added a static route and selected "In VPN?"



Why would you need to do that if it is in the local subnets on the MX. Even trying that I get "Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet." 

If this was a solution, it would be for the VOIP subnet. If the VOIP is also local then yeah, you probably don't need it. At the headend have you ran a pcap on the internet and client_vpn interfaces?

I have ran pcaps on all interfaces. 

If you're not even seeing one-way traffic, our first objective is getting the phones 'registration' session initiated. Could you give more color as to how this is setup? Type of soft phone, WAN connection type, topology? Otherwise I'd consider opening a ticket. The Meraki team is great.
Kind of a big deal
Kind of a big deal

Are you using as the local "home" subnet - if so then it won't work.


Has the phone system ever needed to communicate outside of its local subnet before?  If not then I bet it has a mis-configured subnet mask or default gateway.


The next most likely solution is the phone system is configure to not allow connections from

I fixed it somehow send all traffic over the vpn was not enabled. That subnet now works. Thanks!

I was into this issue and tired to tinker around to check if its possible but couldnt get it done. Now that i have seen the way you did it, thanks guys


Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.