Client VPN using static route

SOLVED
Getting noticed

Client VPN using static route

Have Client VPN that's using Meraki cloud for authentication and DHCP. On the MX that's doing the client VPN, there's a static route that users there on the local LAN need to use to reach another subnet for a business application that's managed by a 3rd party. That works fine. But client VPN users can access that local LAN fine, but can't access that business app subnet. Is there a trick to it?

Accepted Solutions
Kind of a big deal

Re: Client VPN using static route

Is that static route written to allow traffic from the client VPN? Does it send all traffic intended for VendorSubnet to that subnet?

Does the vendor have a route back to your client VPN subnet? If not, they'll need to add it. Otherwise their equipment doesn't know how to get back to you.

Getting noticed

Re: Client VPN using static route

Yeah, that's exactly what I am thinking too. I've reached out to them and am having them make sure there is a route back for the client VPN subnet. Wasn't sure if I was missing something on our end in regards to that client VPN subnet.

Kind of a big deal

Re: Client VPN using static route

Double-checked config at a client where we do this.

Your static route should be fine unless you've got a weird ACL thing going on somewhere.

So I'd bet money it's your vendor. I hope they get back to you soon.

Getting noticed

Re: Client VPN using static route

So I can ping the other side of the route (gateway) now since they put the route back in, but can't ping the server I need. I'm thinking maybe an ACL on their side. Here's what it's looking like:

Tracing route to 10.209.95.84 over a maximum of 30 hops

1 * * * Request timed out.
2 * * * Request timed out.
3 50 ms * * 10.226.156.240
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * *

Kind of a big deal

Re: Client VPN using static route

You may be right! Good luck. I usually have to provide the list of subnets that need access, then patiently poke until the changes all get made.

On your original working subnet, are you able to ping that target server? If not and you know what port you're using... In Windows, you can use Test-NetConnection to initiate a TCP handshake.

So if it's on port 443, for that IP, you'd do: Test-NetConnection -Comp 10.209.95.84 -port 443 -info detailed

Getting noticed

Re: Client VPN using static route

Yeah, I can reach it from the LAN subnet fine.

Kind of a big deal

Re: Client VPN using static route

Windows Firewall on the remote machine?

Kind of a big deal

Re: Client VPN using static route

If the LAN subnet is working fine, that sounds like you need to poke your vendor some more about setting your client VPN subnet up "just like my LAN subnet." 😕
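
The return-path reasoning from this thread as a small Python model, added here as an example and not written by any poster. Only the server address 10.209.95.84 comes from the thread; the LAN and client VPN subnets, the host addresses, the next-hop label and the ACL contents are constructed assumptions, and the vendor is assumed to have no default route toward the customer.

```python
import ipaddress

# Constructed addressing: only SERVER (10.209.95.84) appears in the thread.
LAN = ipaddress.ip_network("192.168.10.0/24")         # assumed office LAN
CLIENT_VPN = ipaddress.ip_network("192.168.50.0/24")  # assumed client VPN pool
SERVER = ipaddress.ip_address("10.209.95.84")

def lookup(routes, dst):
    """Longest-prefix match over a list of (network, next_hop) routes."""
    hits = [(net, hop) for net, hop in routes if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def diagnose(src, vendor_routes, vendor_acl):
    """Say what the vendor side does with traffic from src to SERVER."""
    src = ipaddress.ip_address(src)
    if lookup(vendor_routes, src) is None:
        return "no return route"   # request arrives, reply has nowhere to go
    if not any(src in net for net in vendor_acl):
        return "blocked by ACL"    # replies could route back, server access denied
    return "reachable"

def run_stages(lan_host="192.168.10.25", vpn_host="192.168.50.25"):
    """Replay the thread: before the route back, after it, after the ACL change."""
    routes = [(LAN, "to-customer-mx")]   # hypothetical next-hop label
    acl = [LAN]                          # sources allowed to reach SERVER
    results = {"initial": (diagnose(lan_host, routes, acl),
                           diagnose(vpn_host, routes, acl))}
    routes.append((CLIENT_VPN, "to-customer-mx"))   # vendor adds the route back
    results["route added"] = (diagnose(lan_host, routes, acl),
                              diagnose(vpn_host, routes, acl))
    acl.append(CLIENT_VPN)               # client VPN treated "just like" the LAN
    results["acl updated"] = (diagnose(lan_host, routes, acl),
                              diagnose(vpn_host, routes, acl))
    return results

if __name__ == "__main__":
    print(f"target server: {SERVER}")
    for stage, (lan, vpn) in run_stages().items():
        print(f"{stage:12} LAN: {lan:10} client VPN: {vpn}")
```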
