Is it possible that we can access other VLANs on the same MX router via client VPN?

ticongl
Comes here often


Hi all,

 

I have set up a client VPN on an MX64 and it tests good. After connecting, I got an internal VPN address like 192.168.1.100/24. But I want to visit another address in a different subnet (like 192.168.2.100/24). Do you know how to make it happen?

 

Thanks

SoCalRacer
Kind of a big deal

By default I believe this is enabled. If you are using multiple VLANs then possibly it isn't enabled on the VLAN (Security Appliance > Configure > Addressing and VLANs > Routing > click the VLAN to modify). Verify "In VPN" is checked.

 

Also see the link below for some info on L3 rules to check.

 

https://documentation.meraki.com/MX/Client_VPN/Restricting_Client_VPN_access_using_Layer_3_firewall_...

Thanks for your reply. I am currently running on 14.39. But I cannot see the In VLan option or add a static route. When I try to add a static route on the routing page, it says "Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet." Is the version updated? Or is there some other reason?

Hello,

Client VPN subnets have access to your local LAN by default. This is not dependent on any firmware.

A few questions for you:

  1. Is your MX enabled for VLANs? (Navigate to Security and SD-WAN > Addressing and VLANs > Routing to check.)
  2. Can the MX access the subnet 192.168.2.100/24? What is the interface of the MX for this subnet?
  3. Do you have any layer 3 firewall rules denying all traffic to the local LAN?
  4. The MX will not allow you to add a static route with the Client VPN subnet as the destination subnet, as that subnet is local to the MX.
If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future

The following KBs might help with enabling VLANs and adding static routes:

https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia...

 

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs

 

 

ticongl
Comes here often

Hi,

1/2. Yes, all subnets have been created, and the GW is set to .1 (like 192.168.100.0/24, GW set to 192.168.100.1).
3. No rules for blocking traffic.

I can ping all subnets' GWs (.1) from the VPN, but cannot ping the IP in the other subnet, and I am sure the IP is alive.

Hi,

 

You most likely already solved this problem. But I just wanted to share some info in case others have the same issue. I had the same problem. But I remembered I unchecked "Use default gateway of external network" in my VPN settings, so my internet traffic won't be slowed down by the VPN. I noticed I had the same problem as you. I could not access a specific VLAN. Then it came to me. The VPN will be a gateway to your primary LAN. Your computer doesn't recognise the subnet and sends it to the internet instead of the VPN. When I check "Use default gateway of external network" I can access all VLANs.

 

kind regards,

Hannemaster
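The routing behaviour described in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over three client routing tables. The tables, interface names (`wifi`, `vpn`) and the client's own 10.0.0.0/24 LAN are constructed assumptions, and the full-tunnel table is simplified to a single default route through the VPN.

```python
import ipaddress

# Constructed client routing tables (assumptions, not taken from the thread).
# Each entry is (destination prefix, egress interface).
LOCAL_LAN = ("10.0.0.0/24", "wifi")        # client's own LAN (constructed)
VPN_SUBNET = ("192.168.1.0/24", "vpn")     # subnet of the VPN-assigned address

# Default-gateway option unchecked: only the VPN subnet is routed into the tunnel.
SPLIT_TUNNEL = [("0.0.0.0/0", "wifi"), LOCAL_LAN, VPN_SUBNET]
# Default-gateway option checked: the default route points into the tunnel.
FULL_TUNNEL = [("0.0.0.0/0", "vpn"), LOCAL_LAN, VPN_SUBNET]
# Split tunnel plus an explicit route for the second VLAN.
SPLIT_WITH_ROUTE = SPLIT_TUNNEL + [("192.168.2.0/24", "vpn")]


def egress(table, destination):
    """Return the interface chosen by longest-prefix match."""
    dst = ipaddress.ip_address(destination)
    matches = []
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net:
            matches.append((net.prefixlen, iface))
    if not matches:
        raise LookupError(f"no route to {destination}")
    # The most specific (longest) matching prefix wins.
    return max(matches)[1]


def report(table, destinations):
    """Map each destination to the interface its traffic would leave on."""
    return {d: egress(table, d) for d in destinations}


if __name__ == "__main__":
    targets = ["192.168.1.50", "192.168.2.100", "8.8.8.8"]
    for name, table in [
        ("split tunnel", SPLIT_TUNNEL),
        ("full tunnel", FULL_TUNNEL),
        ("split tunnel + VLAN route", SPLIT_WITH_ROUTE),
    ]:
        print(f"{name:26} {report(table, targets)}")
```

In the split-tunnel table, traffic for 192.168.2.100 leaves on the local interface and never reaches the MX. On a Windows client, the third table corresponds to adding a per-connection route, for example with `Add-VpnConnectionRoute`, which keeps internet traffic off the tunnel.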
