Client access VPN can't access site-to-site VPN resources

Solved
mike-a


I have a site-to-site VPN configured between MX and Amazon AWS. I can access everything in both directions. However, if I am remote and connected to the client access VPN, I can access everything attached to MX, but I can't access anything on AWS. AWS can't ping my remote machine either. I verified all routes are there and the firewall is good. Has anyone faced this issue?

1 Accepted Solution
perrosenlind

Is the VPN subnet in the "in VPN" configuration? And is the S2S tunnel configured to include this?
Are there any group policies applied to the traffic?
How does a traceroute behave?
If you do a packet capture on the MX and on the AWS resource, what do you see?

mike-a

The first suggestion fixed it. The client VPN subnet was not enabled for the VPN.
