Thanks for your reply. I am currently running on 14.39.But I can not see In VLan option and adding static route...... When I try to add a static route in routing page ,It will say"Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet." Is version updated?or some reason?

Hello,

Client VPN subnets have access your local LAN by default. This is not dependent on any firmware.

A few questions for you

1. Is your MX enabled for VLANs?  (navigate to Security and SD-WAN > addressing and VLANs >Routing, to check)
2. Can the MX access the subnet 192.168.2.100/24? What is the interface of the MX for this subnet?    
3. Do you have any layer 3 firewall rules denying all traffic to the local LAN?
4. The MX will not allow you to add a static route for destination subnet as Client VPN subnet as that subnet is local to the MX

The following KBs might help to enable VLANs and adding Static routes

https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia...

 

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs

 

 

Hi, 1/2,Yes,all subnet has been created, and GW set to .1(like 192.168.100.0/24,gw set to 192.168.100.1) 3,No rules for blocking traffic I can ping all subnet's GW( .1 ) from VPN.but can not ping the IP in other subnet.and I am sure the IP is alive

Hi,

 

You most likely allready solved this problem. But I just wanted to share some info in case others have the same issue. I had the same problem. But I remembered I unchecked "Use default gateway of external network" in my vpn settings, so my internet traffic won't be slowed down by VPN. I noticed I had the same problem as you. I could not access a specific VLAN. Then it came to me. The VPN will be a gateway to your primary lan. your computer doesn't recognise the subnet and sends it to the internet instead of the vpn. When I check "use default gateway of external network" I can access all VLANs.

 

kind regards,

Hannemaster