MX64 - Client VPN - NSLOOKUP - Shared Network Drive

SOLVED
iReidy
Here to help

Summary

I have set up my Client VPN and users can connect OK, however:

Users can't connect to one of my network drives but can connect to the others?

NSLOOKUP Unknown Server?

Can't connect to a local web address?

 

More Info

Clients connect OK, we have a couple of shared drives across two servers,

they can connect \\AWA01\example1 = M

they can connect \\AWA01\example2 = N

they can not connect \\awa02\example3 = O

* These drives connect OK when users are on the local LAN

* If they click on O they get the following error - An error occurred while reconnecting O:

 

ALSO

We have a server running some specific software and on the VPN we can't connect to the URL

 

ALSO

If I ping the servers I get a response

If I do a DNS LOOKUP I get the following

DNS request timed out

timeout was 2 seconds

Default Server: UnKnown

Address: 192.168.10.19

 

MERAKI MX64 VPN

Client VPN Server: Enabled

HOSTNAME: ONE-************ I have hidden this ********

Client VPN subnet: 192.168.12.0/24

DNS nameservers: Specify nameservers

Custom nameservers: 192.168.10.19 and 8.8.8.8

WINS: No Wins server

Secret: ****I have hidden this******

Authentication: Meraki Cloud

 

 

AndrewR
Conversationalist

My initial reaction is that the issue is at the firewall (Security Appliance --> Firewall), and the Client VPN subnet is not being granted access to server O and the URL you spoke of. I would double-check firewall rules first, making sure the proper exceptions are in place. When I first launched our client VPN I could not connect to anything on the LAN because it was all being blocked by the firewall. I had to then go insert some Allow exceptions.

 

For troubleshooting and to quickly prove/disprove this theory, you could put an Allow-All from VPN to LAN rule in to see if that clears your errors immediately, and if so, you can then go back and adjust your rules to be more prescriptive.

 

I'll be curious to hear if that changes anything for you.

Thanks for the reply, I couldn't see where to add this in the firewall.

Could you kindly point out which bit I add to the firewall?

 

 

AndrewR
Conversationalist

You'll want a rule that looks something close to, if not exactly like, this. The only part I am making an assumption on for you is the destination IP. I assumed your DNS server IP to be in the same subnet as all the file servers you are trying to access.

 

Screen Shot 2018-01-24 at 11.30.21 AM.png 

For troubleshooting, place this rule first at the top of your firewall rules list. Hit Save. Wait a minute or two for the config to update, and then test it out. You may need to reboot the VPN client, and/or disconnect/reconnect the VPN client for all settings to apply. Remember that this is an allow-all rule, which is ideal for troubleshooting, but you may want to make it more restrictive after you confirm what is causing the issue.
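
The tightening step suggested in the reply above, sketched as an added example that is not part of the original thread and is not Meraki code: a simplified first-match rule model that flags flows the Client VPN needs but cannot reach, and flows left open that it does not need. The LAN subnet 192.168.10.0/24, the client and file-server addresses, the SMB and RDP ports, and the default action are assumptions; only the VPN subnet and the DNS server come from the thread.

```python
from ipaddress import ip_address, ip_network

VPN = "192.168.12.0/24"    # Client VPN subnet (from the thread)
DNS = "192.168.10.19/32"   # custom nameserver (from the thread)
LAN = "192.168.10.0/24"    # assumption: LAN subnet holding DNS and file servers

# Rule = (action, protocol, source CIDR, destination CIDR, destination port)
ALLOW_ALL = [("allow", "any", VPN, LAN, "any")]      # troubleshooting rule
TIGHTENED = [
    ("allow", "udp", VPN, DNS, 53),                  # DNS queries
    ("allow", "tcp", VPN, DNS, 53),                  # DNS over TCP
    ("allow", "tcp", VPN, LAN, 445),                 # SMB to the file servers
    ("deny", "any", VPN, LAN, "any"),                # everything else VPN -> LAN
]

# Constructed sample flows: (protocol, source, destination, destination port)
CLIENT, FILESRV = "192.168.12.5", "192.168.10.20"    # hypothetical addresses
REQUIRED = [("udp", CLIENT, "192.168.10.19", 53), ("tcp", CLIENT, FILESRV, 445)]
NOT_NEEDED = [("tcp", CLIENT, FILESRV, 3389)]        # e.g. RDP, not asked for

def evaluate(rules, proto, src, dst, port, default="allow"):
    """Return the action of the first matching rule (top-down), else default."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("any", proto)
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and r_port in ("any", port)):
            return action
    return default  # assumption: the model's final implicit rule

def audit(rules):
    """List required flows that are blocked and unneeded flows that are open."""
    findings = [("blocked", f) for f in REQUIRED
                if evaluate(rules, *f) != "allow"]
    findings += [("overexposed", f) for f in NOT_NEEDED
                 if evaluate(rules, *f) == "allow"]
    return findings

if __name__ == "__main__":
    print("allow-all:", audit(ALLOW_ALL))
    print("tightened:", audit(TIGHTENED))
    # Rule order matters: the same rules with the deny moved to the top.
    print("deny first:", audit([TIGHTENED[-1]] + TIGHTENED[:-1]))
```

The port for the web application mentioned in the question is not given in the thread, so it is left out; it would be added as one more allow rule once known.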

Thanks, that worked. I'm new to Meraki, always used Draytek.

Grateful for you taking a look and helping solve my issue.

 
