Client access VPN can't access site-to-site VPN resources & Lack of stats on VPN Status


1. I get very little info from the VPN monitor facility, only a green dot depicting a healthy VPN. There are no stats on throughput and latency or other info.

Does that info only come with Meraki Auto VPNs, i.e. a Meraki device at both ends? I have glanced at some literature that refers to VPN registers, but again I think this involves Meraki - Meraki VPNs.


2. Having set up a client VPN link for working from home I am trying to get access to the site to site VPN.

I initially set up a firewall rule to allow the VPN subnet access to the main subnet. That allowed my PC at home access to every resource within our main office. When I tried adding the subnet at the distant end of the site to site VPN, I fail to get access to the resources at the VPN distant end.


First setting VPN subnet ------------- Main Subnet  OK : can see all local resources


Second Setting ------------, (added distant subnet) : Can still see main subnet but no access to distant subnet.


Both Main and VPN Subnet are enabled.


A tracert does not get past the MX 64 which suggests it is a firewall rule issue.

You can see from the settings above that I tried to include the VPN subnet in the forwarding rules but to no avail.


Any advice would be great


In the Site-to-site VPN settings, is the Client VPN subnet set to Yes for "Use VPN"?



Hi jdsilva.

Yes, both the main subnet and the client VPN subnet are ticked as "use VPN".

I had seen this point in an earlier suggested solution but on checking I noted that my vpn subnet was included.

I also got the distant end of the site2site vpn to include the subnet but alas no success.

When I run tracert to the target within the distant end subnet the trace stops at which is the Meraki device (firewall). This suggests to me that the firewall is preventing the bridge between the client vpn and the site to site vpn.

Furthermore I can remotely via the client vpn see all of the main subnet and if I access my desktop located in the main office using remote desktop, I can then access all services on the distant end of the site to site vpn.

When I take my laptop into the office I can access everything.



I am having the same issues. The "remote non-Meraki" VPN needs to have the client VPN (different subnet) specified.

I did it, and it still didn't work.


Seems to work well only with Meraki-Meraki AutoVPN.


Non-Meraki peers seem to give problems like what you describe.

