Meraki

RahulPrasadh

We are having an issue when a user logs in via VPN from an ip range that is same as ip range as office. Office ip range is 192.168.x.x when a user logs in from an ip range that is same we cannot access the office internal server, which is ip 192.168.x.x. Is there a way to maybe map an IP that is same as VPN subnet 172.x.x.x/24 to the server?

alemabrahao

You can configure any other IP address range that the MX will add to its routing table.

If you have a layer 3 switch below the MX, you may need to add the route to that switch as well.

Just to confirm, who is the default gateway for your network?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

RahulPrasadh

172.x.x.x is our client VPN subnet, 192.168.x.x is our VLAN. Can you share any Meraki documentation related to this configuration.

Mloraditch

I believe you are saying (as an example) you have an internal subnet that is 192.168.1.0/24 and certain end users also have this as their home LAN. That will definitely cause a conflict and Meraki does not have a solution that I am aware of. The only NAT translation over VPN is for S2S for Auto VPN peers.

You can handle this with regular Cisco Firepower devices as they can handle complex NAT situations.

Generally it is not recommended to put your corporate LAN on the most common 192.168 subnets. I would also look into re-iping your internet networks to get outside of these ranges that home devices usually use.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Meraki

Community

Client VPN

Client VPN