Client access VPN can't access site-to-site VPN resources & Lack of stats on VPN Status

mel-astrosat
Here to help

Client access VPN can't access site-to-site VPN resources & Lack of stats on VPN Status

. I get very little info from the VPN monitor facility, only a green dot depicting a healthy VPN. There are no stats Throughput and Latency or other info.

Does that info only come with Meraki Auto VPNs ie a Meraki device at both ends. I have glanced at some literature that refers to VPN registers but again I think this involves Meraki - Meraki VPNs.

 

2. Having set up a client VPN link for working from home I am trying to get access to the site to site VPN.

I initially set up a firewall rule to allow the VPN subnet access to the main subnet. That allowed my PC at home access to every resource within our main office. When I tried adding the subnet at the distant end of the site to site VPN I fail to get access to the resources at the VPN distant end

 

First setting VPN subnet 192.168.101.0/24 ------------- Main Subnet 192.168.100.0/24  OK : can see all local resources

 

Second Setting 192.168.101.0/24 ------------ 192.168.100.0/24, 172.16.0.0/12 (added distant subnet) : Can still see main subnet but no access to distant subnet.

 

Both Main and VPN Subnet are enabled.

 

A tracert does not get past the MX 64 which suggests it is a firewall rule issue.

You can see from the settings above that I tried to inclide the VPN subnet in the forwarding rules but to no avail

 

Any advice would be great

3 REPLIES 3
jdsilva
Kind of a big deal

In the Site-to-site VPN settings, is the Client VPN subnet set to Yes for "Use VPN"?

 

image.png

Hi jdsilva.

yes both the main subnet 192.168.100.0/24 and the client VPN subnet 192.168.101.0/24 are ticked as "use VPN".

I had seen this point in an earlier suggested solution but on checking I noted that my vpn subnet was included.

I also got the distant end of the site2site vpn to include the subnet 192.168.101.0/24 but alas no success.

When I run tracert to the target 172.16.13.221 within the distant end subnet 172.16.0.0/12 the trace stops at 192.168.100.1 which is the Meraki device (firewall). This suggests to me that the firewall is preventing the bridge between the client vpn and the site to site vpn.

Furthermore I can remotely via the client vpn see all of the main subnet 192.168.100.0/24 and if I access my desktop located in the main office using remote desktop, I can then access all services on the distant end of the site to site vpn.

When I take my laptop into the office I can access everything.

 

Cheers

I am having the same issues. The "remote none-meraki" VPN need to have the client-van (different subnet) specified.

I did it, and it still didn't work.

 

Seem to work well only Meraki-Meraki AutoVPN.

 

None meraki peers seem to give problems like what you describe

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels