Client access VPN can't access site-to-site VPN resources

SOLVED
mike-a
New here

I have a site-to-site VPN configured between MX and Amazon AWS. I can access everything in both directions. However, if I am remote and connected to the client access VPN, I can access everything attached to MX, but I can't access anything on AWS. AWS can't ping my remote machine either. I verified all routes are there and firewall is good. Anyone face this issue?

1 ACCEPTED SOLUTION
perrosenlind
Conversationalist

Is the vpn-subnet in the "in VPN" configuration? And is the S2S tunnel configured to include this?
Are there any group policies applied on the traffic?
How does a traceroute behave?
If you do a packet capture on the MX and in the AWS resource, what do you see?

2 REPLIES 2
First suggestion fixed it. The client VPN subnet was not enabled for the VPN.
