MX in L2 Transparent mode with Client VPN

Antohind
Getting noticed

MX in L2 Transparent mode with Client VPN

Hi guys, 

 

I have implemented a client VPN with no issues when the MX is in NAT mode but due to Meraki not supporting IPTV multicast I have decided to use the MX in passthrough mode and now since doing so I have lost my client VPN 

 

Is this feature available if so do i just need to route vpn traffic to the MX from my ISP router 

 

Any advice appreciated

 

Thanks  

12 Replies 12
ww
Kind of a big deal
Kind of a big deal

what do you mean with lost my client VPN?

Antohind
Getting noticed

I can no longer connect from externally into my LAN via the CLient VPN 

Antohind
Getting noticed

I can no longer connect from externally into my LAN via the Client VPN 

Antohind
Getting noticed

L2VPN no longer responds, my thoughts are that I may need to forward to the MX internal IP but again im not 100% sure on this 

ww
Kind of a big deal
Kind of a big deal

any errors in the log? you have nat upstream and forwarded the vpn ports to the mx ip?

Antohind
Getting noticed

Hi @ww

thanks that's my basic setup I have not changed any settings yet on the ISP router thats what I was thinking if I had to setup port forwarding to the meraki on 192.168.0.13

 

 

Meraki Config.png

jdsilva
Kind of a big deal

Yeah you'll need to forward VPN traffic (UDP ports 500 and 4500) to the MX.

 

https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Other_Problems

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

You'll also need to add a route on the default gateway for the client VPN pool via the MX.
Antohind
Getting noticed

Are you suggesting that I add routes into the default ISP router ?

 

If so this may be another stumbling block 😞

 

My router has only very basic options 

PhilipDAth
Kind of a big deal
Kind of a big deal

If you can't add a route to the ISP router, then you would need to add it to the devices that you need remote VPN access to (hopefully a server or PC ...).

Antohind
Getting noticed

 

.

 

Antohind
Getting noticed

All sorted thanks so much guys 

 

It was the routing from the ISP router that was causing the errors

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels