We have set up a client VPN connection to our MX, which works. Now we are also setting up a site-to-site VPN connection to our server, which is not located in our office. We have now found that all VPNs work but we cannot access the server. Do we need a static or source-based route for this to work? If so, what should the route look like? Important: The subnet of the server is not configured in Meraki, as the server is located outside the network. How can we solve this problem?
Hi @AdminTS , I assume the servers reside in the network at the other end of the S2S VPN?
Can you add a route that points to the servers that terminate on the other end of the VPN tunnel?
I cannot add a route because the servers are not in my own network. So another solution is certainly needed.
If you are using a non-Meraki site to site VPN - the VPN encryption domain for your end will need to include the subnet that you are using for your client VPN.
I don't currently know what you mean by that. Yes, it is a site-to-site connection "non-Meraki", as the end is not a Meraki firewall. I am only interested in configuring that you start with client VPN and then reach the end via site-to-site. Both connections work independently but unfortunately not together. So I can't access my resources, even though the client VPN is established. What exactly do I have to do here to make it work?
1) Make sure you have VPN Mode = Enabled on your Client VPN subnet on the MX
2) Make sure the remote end includes your VPN subnet in their remote encryption domain
VPN is activated in the subnet 10.61.0.1. Otherwise the VPN client connection would not work at all. But it does!
What do you mean by recording the subnet on the other side? Do you mean the VPN subnet or the public IP address?
The device/firewall on the other end of the non-Meraki VPN needs to have your client VPN subnet configured to route down the tunnel, so it knows how to route back to you.
Thanks for the info. I'm not talking about a VPN tunnel, but two tunnels. Were you aware of that?
I would like to show you here how the route should work.
With Client VPN I connect to the Meraki MX64 (Gateway 10.61.0.1). The VPN client subnet is 10.61.20.0. I would now like to access the server, which is located in the subnet 192.168.12.0/24. Logically, I cannot ping the subnet of the server. There is a site-to-site VPN connection for this subnet, which works properly. What do I have to do to ensure that the connection to the server from outside works?
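The two checks suggested earlier in the thread (VPN Mode enabled on the client VPN subnet on the MX, and the client VPN subnet present in the far end's remote encryption domain) can be expressed as a small coverage test over the tunnel's traffic selectors. The script below is an added example written for this thread, not Meraki code and not anything from the original posts; it reuses the subnets named above (10.61.20.0 client VPN pool, gateway 10.61.0.1, server subnet 192.168.12.0/24) and assumes /24 masks where the thread gives none. It reports, for a given pair of encryption domains, in which direction the client VPN traffic would be dropped before entering the site-to-site tunnel.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List

# Constructed values taken from the thread; masks are assumptions.
CLIENT_VPN_SUBNET = "10.61.20.0/24"    # client VPN address pool on the MX
MX_LAN = "10.61.0.0/24"                # office LAN behind gateway 10.61.0.1
SERVER_SUBNET = "192.168.12.0/24"      # subnet of the server behind the non-Meraki peer


@dataclass
class TunnelConfig:
    """Encryption domains (IPsec traffic selectors) as seen from each end."""
    mx_local: List[str] = field(default_factory=list)     # MX side: subnets with VPN Mode = Enabled
    mx_remote: List[str] = field(default_factory=list)    # MX side: peer's private subnets
    peer_local: List[str] = field(default_factory=list)   # peer side: its own networks
    peer_remote: List[str] = field(default_factory=list)  # peer side: what it routes into the tunnel


def is_covered(prefix: str, selectors: List[str]) -> bool:
    """True if `prefix` lies entirely inside at least one selector.

    A partial overlap does not count: a phase-2 SA only carries traffic that
    fits a negotiated selector, so 10.61.20.0/24 is NOT covered by 10.61.0.0/24
    even though both start with 10.61.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.subnet_of(ipaddress.ip_network(s, strict=False)) for s in selectors)


def check_client_vpn_over_s2s(client_subnet: str, server_subnet: str, cfg: TunnelConfig) -> List[str]:
    """Return findings explaining why a client VPN user cannot reach the server.

    An empty list means both the forward path (client -> tunnel -> server) and
    the return path (server -> tunnel -> client) are inside the encryption domains.
    """
    findings = []
    # Forward direction: the MX must select client VPN traffic into the tunnel.
    if not is_covered(client_subnet, cfg.mx_local):
        findings.append(f"MX: {client_subnet} is not in the local encryption domain "
                        "(VPN Mode not enabled); client traffic never enters the tunnel")
    if not is_covered(server_subnet, cfg.mx_remote):
        findings.append(f"MX: {server_subnet} is not listed as a peer private subnet; "
                        "no route to the server via the tunnel")
    # Return direction: the peer must route replies for the client pool back down the tunnel.
    if not is_covered(client_subnet, cfg.peer_remote):
        findings.append(f"peer: {client_subnet} is not in the remote encryption domain; "
                        "the server's replies have no route back to the client")
    if not is_covered(server_subnet, cfg.peer_local):
        findings.append(f"peer: {server_subnet} is not in the peer's local encryption domain")
    return findings


def thread_scenario() -> TunnelConfig:
    """As described in the thread: site-to-site works for the LAN, client VPN does not."""
    return TunnelConfig(mx_local=[MX_LAN], mx_remote=[SERVER_SUBNET],
                        peer_local=[SERVER_SUBNET], peer_remote=[MX_LAN])


def fixed_scenario() -> TunnelConfig:
    """Same tunnel with the client VPN pool added on both ends."""
    return TunnelConfig(mx_local=[MX_LAN, CLIENT_VPN_SUBNET], mx_remote=[SERVER_SUBNET],
                        peer_local=[SERVER_SUBNET], peer_remote=[MX_LAN, CLIENT_VPN_SUBNET])


if __name__ == "__main__":
    for name, cfg in (("as described", thread_scenario()), ("after fix", fixed_scenario())):
        print(f"[{name}]")
        for line in check_client_vpn_over_s2s(CLIENT_VPN_SUBNET, SERVER_SUBNET, cfg) or ["ok"]:
            print("  ", line)
```

In the thread's situation the check reports two findings: the MX never selects 10.61.20.0/24 into the tunnel, and the peer has no return route for it. Adding the client pool to both encryption domains clears both; note that the site-to-site part (192.168.12.0/24) passes in both cases, which matches the observation that the tunnel itself "works properly".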
Does anyone here have any ideas on how to optimize such connections?