Client access VPN can't access site-to-site VPN resources

SOLVED
New here

I have a site-to-site VPN configured between MX and Amazon AWS. I can access everything in both directions. However, if I am remote and connected to the client access VPN, I can access everything attached to MX, but I can't access anything on AWS. AWS can't ping my remote machine either. I verified all routes are there and the firewall is good. Has anyone faced this issue?

1 ACCEPTED SOLUTION

Accepted Solutions
Conversationalist

Re: Client access VPN can't access site-to-site VPN resources

Is the vpn-subnet in the "in VPN" configuration? And is the S2S tunnel configured to include this?
Are there any group policies applied to the traffic?
How does a traceroute behave?
If you do a packet capture on the MX and on the AWS resource, what do you see?
New here

Re: Client access VPN can't access site-to-site VPN resources

First suggestion fixed it. The client VPN subnet was not enabled for the VPN.
