Hi all,
We are using a Cisco Meraki firewall and have 2 branches, Head Office & Branch Office. Our Head Office servers are connected to the Meraki firewall.
In the branch office, on our local machines, we have connected Client VPN to access the Head Office servers through Cisco Meraki. After connecting to the servers we are able to access Clients through Windows RDP, but we are not able to connect directly from the local machine to the Clients.
Every time, we connect Client VPN ==> take Windows RDP to HO Servers ==> able to access Client. We need direct connectivity: Client VPN ==> access Client. It's too difficult for developing applications. If anyone can give a solution, it would be very helpful for us.
Thanks for your time.
I am having trouble understanding exactly what the issue is. Do you have a simple network diagram/map?
Thanks for the reply. This is our network diagram.
Do you have one or two MXs at site A?
Is it simply that when you connect to MX at site A via the client VPN, you do not have a route to site B?
Are the three subnets for client VPN, site A and site B distinct and not overlapping?
Does site B have site A as a default gateway, if not does the routing table have the client VPN IP subnet in it with the next hop as site A?
Do you have one or two MXs at site A?
We have only 1 MX at cloud MX (Site A).
Is it simply that when you connect to MX at site A via the client VPN, you do not have a route to site B?
Yes, we have routing, because the MX has 2 IP subnets: 1) Default, 2) Client VPN. All the Clients (Site B) are connected through the Default IP & we can connect through Client VPN access.
Example:-
MX - Default : 20.X.X.X
MX - Client VPN : 10.X.X.X
Site 2 Site between Site A (Headoffice) to Site B (Client)
20.X.X.X to 192.168.X.X
Now connecting:
Branch Client VPN HO Server Clients
192.168.X.X 10.1.X.X - RDP 192.168.X.X
Are the three subnets for client VPN, site A and site B distinct and not overlapping?
I am not clear on this. What are the three subnets?
Does site B have site A as a default gateway, if not does the routing table have the client VPN IP subnet in it with the next hop as site A?
While configuring the Client's firewall, we always mentioned both the Default IP (20.X.X.X/24) & Client VPN (10.X.X.X/24) local subnets with gateway (30.X.X.X).
Are you really using 20.x and 30.x subnets? Those are not private networks.
Sorry for the mis-update. Actually, we spoke of them as the 20 series or 30 series. That's why I mentioned them accordingly.
Actual:
Local Subnet => Default: 10.20.X.X & Client VPN: 10.10.X.X
Public/Gateway static IP=37.X.X.X
Does site B have an MX? Is the S2S VPN AutoVPN or a non-Meraki peer?