Client VPN not working without default gateway

RaulC
Conversationalist

Client VPN not working without default gateway

Hello everybody,
I set a client VPN configuration on a Meraki MX84 gateway, which mostly is used on windows 10 clients. I want to configure the Windows VPN client to NOT use the default gateway on the remote network which is working fine but I can't access the remote resources anymore(VM's from the on-premise network).
This option is important for us because I don't want all the network traffic to be routed through the Meraki gateway (like web traffic, youtube, etc. other activities that consume bandwidth). Due to the work-from-home program the load of the network band is pretty large so is this option available?

 

Many thanks for your support!
Raul

5 REPLIES 5
KarstenI
Kind of a big deal
Kind of a big deal

It should work by specifying the Split-Tunnel networks in your configuration. How did you configure it? If not already done this way, try the script from @PhilipDAth:

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

Another option would be to migrate to MX version 16 and use AnyConnect. There you can control these settings from the dashboard.

RaulC
Conversationalist

I already split the tunnel, check the attached image. After I unchecked the * Use the default gateway, the internet is working well, but I'm not able to access the local resources or internal IPs. At this moment I would like to configure these setting on the existing VPN client because the entire company is using the same connection settings, only if is not working at all I will try to find other solutions, like Cisco Anyconnect.

 

Thanks.


 vpn tunnel split.PNG

PhilipDAth
Kind of a big deal
Kind of a big deal

You'll want to use my tool that @KarstenI linked to.

 

If you do it that way using the GUI, then you'll need to add routes each time you connect for your remote network.

RaulC
Conversationalist

Hi @PhilipDAth my plan is to keep the VPN client from Windows because the company is Microsoft based and it's easier for all users. 

It's there a way to keep using the same vpn client and the routes&credentials to be saved in the connection settings? It's very uncomfortable to retype the routes and credentials every time you want to use the vpn tunnel (sometimes 3-4 times per day).

 

Thanks

PhilipDAth
Kind of a big deal
Kind of a big deal

Use the VPN wizard posted by @KarstenI  above to create the VPN.  It does the routes automatically.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels