cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I can not reach s2s vpn from client vpn

Highlighted
New here

I can not reach s2s vpn from client vpn

Hi,

 

I've Cisco Meraki MX84. I've s2s tunnel between me and my customer. In company i'm using 192.168.48.0/24 network and with this network i can reach other side of tunnel. But when i connect client vpn from home, it gives me an ip from 172.16.2.0/24 and i can not reach s2s vpn side. I tried to use static route but it throwed me this error;

 

"Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet."

 

Can you please help me?

3 REPLIES 3
Highlighted
Kind of a big deal
Kind of a big deal

Re: I can not reach s2s vpn from client vpn

does the customer vpn know where 172.16.2.0/24 is.

Highlighted
New here

Re: I can not reach s2s vpn from client vpn

No, actually i thought they don't need to know my vpn ip address. Should i need add it trusted ip list in customer s2s vpn configuration? I've 2 ssid in my company. 1 of them is giving from 10.0.1.X/24 and another one is hidden network, giving 192.168.48.X/24. When i connect from client vpn, i can reach 10.0.1.X/24 network, but i can go s2s vpn only 192.168.48.X/24. How can i go s2s vpn from client vpn? Do i need to use static route?
Highlighted
A model citizen

Re: I can not reach s2s vpn from client vpn

Have you added your client VPN subnet to your site-to-site VPN? It would need to be added to the Site-to-site VPN, and you would need to make sure that the site-to-site VPN firewall rules allow it to communicate across the site-to-site VPN the way you need it to.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.