Client VPN to Site 2 Site VPN unsuccessful

Poove888
Comes here often


Hi all,

We are using a Cisco Meraki firewall and have 2 branches, Head Office & Branch Office. Our Head Office servers were connected with the Meraki firewall.

In the branch office, on our local machines, we have connected Client VPN to access the Head Office servers through Cisco Meraki. After connecting to the servers we are able to access Clients through Windows RDP, but we are not able to connect directly from the local machine to the Clients.

Every time, we connect Client VPN ==> take Windows RDP to the HO servers ==> are able to access the Client. We need direct connectivity: Client VPN ==> access Client. It's too difficult for developing applications. If anyone can give a solution, it would be very helpful for us.

Thanks for your time.

SoCalRacer
Kind of a big deal

I am having trouble understanding exactly what the issue is. Do you have a simple network diagram/map?

Thanks for the reply. This is our network diagram:

Poove888_0-1576051739951.png

cmr
Kind of a big deal

Do you have one or two MXs at site A?

Is it simply that when you connect to MX at site A via the client VPN, you do not have a route to site B?

Are the three subnets for client VPN, site A and site B distinct and not overlapping?

Does site B have site A as a default gateway, if not does the routing table have the client VPN IP subnet in it with the next hop as site A?
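
The two checks cmr asks about (distinct subnets, and a site B route that sends the client VPN subnet back toward site A), as an added example that is not part of the thread or of any Meraki tooling. All addresses, the site B route table and the next-hop labels are constructed, because the thread elides the real values.

```python
import ipaddress
from itertools import combinations

# Constructed sample values: the thread elides the real octets
# (10.20.X.X, 10.10.X.X, 192.168.X.X).
SUBNETS = {
    "client_vpn": ipaddress.ip_network("10.10.0.0/24"),
    "site_a": ipaddress.ip_network("10.20.0.0/24"),
    "site_b": ipaddress.ip_network("192.168.1.0/24"),
}

# Hypothetical site B route table as (destination, next-hop label) pairs.
# It knows the site A LAN but has no entry for the client VPN pool.
SITE_B_ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "local"),
    (ipaddress.ip_network("10.20.0.0/24"), "tunnel-to-site-a"),
    (ipaddress.ip_network("0.0.0.0/0"), "internet"),
]

def overlapping_pairs(subnets):
    """Return the name pairs whose address ranges overlap."""
    pairs = combinations(sorted(subnets.items()), 2)
    return [(a, b) for (a, net_a), (b, net_b) in pairs if net_a.overlaps(net_b)]

def return_hops(routes, subnet):
    """Next hops that replies addressed to `subnet` can take from this table."""
    # Longest-prefix match among routes that cover the whole subnet.
    covering = [(net, hop) for net, hop in routes if subnet.subnet_of(net)]
    hops = {max(covering, key=lambda r: r[0].prefixlen)[1]} if covering else {None}
    # More-specific routes inside the subnet can divert part of it.
    hops |= {hop for net, hop in routes if net != subnet and net.subnet_of(subnet)}
    return hops

def return_path_ok(routes, subnet, expected_hop):
    """True only when every reply to `subnet` goes back via `expected_hop`."""
    return return_hops(routes, subnet) == {expected_hop}

if __name__ == "__main__":
    vpn = SUBNETS["client_vpn"]
    print("overlaps:", overlapping_pairs(SUBNETS))
    print("before:", return_hops(SITE_B_ROUTES, vpn))
    fixed = SITE_B_ROUTES + [(vpn, "tunnel-to-site-a")]
    print("after: ", return_hops(fixed, vpn))
```

With the sample table, replies to the client VPN pool leave site B by the default route instead of the tunnel, which is the asymmetric path the last question is probing for.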

 

 

Poove888
Comes here often

Do you have one or two MXs at site A?

We have only 1 MX, at cloud MX (Site A).

Is it simply that when you connect to MX at site A via the client VPN, you do not have a route to site B?

Yes, we have routing, because the MX has 2 IP subnets: 1) Default, 2) Client VPN. All the Clients (Site B) are connected through the Default IP & we can connect through Client VPN access.

Example:-
MX - Default : 20.X.X.X
MX - Client VPN : 10.X.X.X

Site 2 Site between Site A (Headoffice) to Site B (Client)
20.X.X.X    to     192.168.X.X

Now connecting:
Branch                Client VPN       HO Server                  Clients
192.168.X.X         10.1.X.X -           RDP                      192.168.X.X

Are the three subnets for client VPN, site A and site B distinct and not overlapping?

I am not clear on this. What are the three subnets?

Does site B have site A as a default gateway, if not does the routing table have the client VPN IP subnet in it with the next hop as site A?

While configuring the Client's firewall, we always mentioned both the Default IP (20.X.X.X/24) & Client VPN (10.X.X.X/24) local subnets with gateway (30.X.X.X).

cmr
Kind of a big deal

Are you really using 20.x and 30.x subnets? Those are not private networks.

Poove888
Comes here often

Sorry for the mis-update. Actually, we spoke of them as the 20 series or 30 series. That's why I mentioned them accordingly.

Actual:

Local Subnet => Default: 10.20.X.X & Client VPN: 10.10.X.X

Public/Gateway static IP = 37.X.X.X

SoCalRacer
Kind of a big deal

Does site B have an MX? Is the S2S VPN AutoVPN or a non-Meraki peer?
