Client VPN

BobSaget88
Comes here often

Hi,

I'm running a brand new MX65.  I've gone ahead and configured the Client VPN on the Meraki and a Local Client.

The Meraki is on 192.168.128.0/24

My Local Subnet is on 192.168.1.1/24

I'm able to successfully connect to the VPN and browse the internet through the MX, but I cannot access local resources on the 192.168.1.1/24 subnet.  I tried creating a static route, but it complained about overlap ("Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet.").

I've tried disabling IPv6 on the client device and verified there's no split tunneling.

 

Am I missing something?  

7 Replies
PhilipDAth
Kind of a big deal

When you VPN in, can you ping your devices via IP address?

A common issue is people don't have a name resolution system in place to convert device names to IP addresses.

BobSaget88
Comes here often

Nope, I actually tried by IP first.  In addition, none of these devices have any sort of firewall or network restrictions.

I feel like I'm missing something.

BrechtSchamp
Kind of a big deal

Two questions:

  • The default gateway of the devices you're trying to ping is the MX?
  • You say the devices don't have a firewall, are you sure? The built-in Windows firewall blocks responding to ping (ICMPv4 echo requests) to subnets outside the local subnet.
BobSaget88
Comes here often

No, the default gateway is on another subnet.

And yes, I am absolutely sure, these are network appliances I'm trying to connect to.

BrechtSchamp
Kind of a big deal


@BobSaget88 wrote:

No, the default gateway is on another subnet.


I'm afraid that's not possible, a default gateway is always on the same subnet as the device itself. So it's either the MX or some other router on the subnet, depending on your architecture.

BobSaget88
Comes here often

Please see my first post with the subnet info.  Each subnet has its own default gw.  The MX is on one subnet and the devices I'm connecting to are on a different one.  Each subnet has its own gw.

BrechtSchamp
Kind of a big deal


@BobSaget88 wrote:

"but I cannot access local resources on the 192.168.1.1/24 subnet"


I'll try to put my question differently. What is the default gateway of those resources? Is it the MX (to which you're building the tunnel)?
