I'm at a loss. We're trying to allow client VPN access (Meraki auth) to a DMZ VLAN for our facilities network and HVAC contractors.
The firewall rules look fine and should not affect traffic from the VPN.
Specifically, we're trying to connect to a JACE whose IP is fixed by MAC reservation in the DHCP scope for the 192.168.1.0/24 DMZ VLAN. If I'm using a client to connect to the JACE that is on the same subnet locally, I get a reply via ping and can access the web interface of the JACE through a browser by going to the IP of the JACE.
However, when I'm connected via the client VPN using a Mac or Windows 11 PC, I cannot connect to the web interface and neither can I ping the JACE. But I get ping responses from other hosts on the same subnet. Packet capture verifies all of this.
Prior to needing VPN access to hosts on the DMZ, we created those L3 deny rules to prevent anything on our internal VLANs from accessing the DMZ, and vice versa. I don't think we need to define static routes for the DMZ on the MX because the MX should handle the routing between the client VPN and the DMZ.
I've called into Meraki support several times and have a case open but I'm still looking for a solution. Thanks.
