cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there possible that we can access other vlan on the same MX router via client VPN

Comes here often

Is there possible that we can access other vlan on the same MX router via client VPN

Hi,all

 

I have set up a client vpn on MX64 and test good.after connect it,I got a internal VPN address like 192.168.1.100/24.But I want to visit another address in different subnet (like 192.168.2.100/24).Do you know how to make it happen?

 

Thanks

6 REPLIES 6
Head in the Cloud

Re: Is there possible that we can access other vlan on the same MX router via client VPN

By default I believe this is enabled. If you are using multiple VLANS then possibly it isn't enabled on the VLAN (Security Appliance>Configure>Addressing and VLANS> Routing> Click VLAN to modify. Verify "In VPN" is Checked.

 

Also see below link for some info on L3 rules to check.

 

https://documentation.meraki.com/MX/Client_VPN/Restricting_Client_VPN_access_using_Layer_3_firewall_...

Comes here often

Re: Is there possible that we can access other vlan on the same MX router via client VPN

Thanks for your reply. I am currently running on 14.39.But I can not see In VLan option and adding static route...... When I try to add a static route in routing page ,It will say"Static lan route subnets cannot be contained by (or be equal to) a client VPN subnet." Is version updated?or some reason?
Meraki Employee

Re: Is there possible that we can access other vlan on the same MX router via client VPN

Hello,

Client VPN subnets have access your local LAN by default. This is not dependent on any firmware.

A few questions for you

  1. Is your MX enabled for VLANs?  (navigate to Security and SD-WAN > addressing and VLANs >Routing, to check)
  2. Can the MX access the subnet 192.168.2.100/24? What is the interface of the MX for this subnet?    
  3. Do you have any layer 3 firewall rules denying all traffic to the local LAN?
  4. The MX will not allow you to add a static route for destination subnet as Client VPN subnet as that subnet is local to the MX
If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future
Meraki Employee

Re: Is there possible that we can access other vlan on the same MX router via client VPN

The following KBs might help to enable VLANs and adding Static routes

https://documentation.meraki.com/MX/Networks_and_Routing/Configuring_VLANs_on_the_MX_Security_Applia...

 

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Addressing_and_VLANs

 

 

If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future
Comes here often

Re: Is there possible that we can access other vlan on the same MX router via client VPN

Hi, 1/2,Yes,all subnet has been created, and GW set to .1(like 192.168.100.0/24,gw set to 192.168.100.1) 3,No rules for blocking traffic I can ping all subnet's GW( .1 ) from VPN.but can not ping the IP in other subnet.and I am sure the IP is alive
Highlighted
New here

Re: Is there possible that we can access other vlan on the same MX router via client VPN

Hi,

 

You most likely allready solved this problem. But I just wanted to share some info in case others have the same issue. I had the same problem. But I remembered I unchecked "Use default gateway of external network" in my vpn settings, so my internet traffic won't be slowed down by VPN. I noticed I had the same problem as you. I could not access a specific VLAN. Then it came to me. The VPN will be a gateway to your primary lan. your computer doesn't recognise the subnet and sends it to the internet instead of the vpn. When I check "use default gateway of external network" I can access all VLANs.

 

kind regards,

Hannemaster

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.