Client cannot see device through VPN

ITJosh
Conversationalist

Client cannot see device through VPN

I have a client who can connect to the VPN just fine. I am using Meraki Cloud for authentication. The client cannot see a device that they are trying to remote desktop. I checked the users firewall and the client device is set to allow RDP. On my device, I was able to go on to the VPN and RDP into the computer just fine.

 

Would adding a static route help the connection? How would I go about doing so? I am not familiar with static routes.

 

Host VLAN: (192.168.100.0/23)

VPN subnet: (192.168.30.0/25)

3 Replies 3
Inderdeep
Kind of a big deal
Kind of a big deal

@ITJosh : Check this guide may be helpful for you 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
Aishwarya29
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hello,

 

If your device was able to RDP, it does not look like any configuration issue here on the dashboard. After connecting to the VPN, initially check reachability to the MX IP, then the device IP. Once IP reachability is confirmed, we can move to the RDP application troubleshooting. 

 

Contact Support if you need more assistance. 

GIdenJoe
Kind of a big deal
Kind of a big deal

Hey, if  you are using the L2TP/IPsec client VPN ( NOT the anyconnect variant ) then all routing is done on the client.
So if you have made the VPN split tunnel then you will need to add the routes to the client.
If you are using full tunnel, then it should already work provided you have no firewall rules blocking this traffic.

 

In case of windows 10 client VPN you can add conditional routes using powershell that only work when the VPN is up.
New-VpnConnectionRoute -Connectionname "yourVPNname" -DestinationPrefix "192.168.100.0/23"

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels