Newbie question on routing

Solved
JWvE
Here to help

Hi, we have two sites linked through AutoVPN.

Site A: 192.168.148.0/24, the MX64 has 192.168.148.254.

Site B: 192.168.71.0/24, the MX64 has 192.168.71.1.

My PC is in site B and has 192.168.71.2.

From my PC in site B I can ping any device in site A.

From any device in site A I can ping the MX64 in site B, but I cannot ping my PC.

From the MX64 in site B however I can ping my PC.

 

I don't really understand how that is possible. I must be overlooking something, I am very new to Meraki. 

 

The MX64 in site B is configured in NAT mode. 

The MX64 in site A is in passthrough mode.

 

Devices in site A know about the route to the IP subnet in site B through a static route on the default gateway in site A.

 

From a host in site A:

 

Tracert 192.168.71.1

 

Tracing route to 192.168.71.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.148.1
2 <1 ms <1 ms <1 ms 192.168.148.254
3 8 ms 6 ms 6 ms 192.168.71.1

Trace complete.

 

Tracert 192.168.71.2

 

Tracing route to 192.168.71.2 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.148.1
2 <1 ms <1 ms <1 ms 192.168.148.254
3 * * * Request timed out.
4 * * * Request timed out.

 

I would be very happy if someone could point me in the right direction.

 

Thank you

1 Accepted Solution
PhilipDAth
Kind of a big deal

It sounds like you might have Windows Firewall enabled, which blocks ping outside of your local subnet.

Rudi
Getting noticed


 

The MX64 in site B is configured in NAT mode. 

The MX64 in site A is in passthrough mode.

 

I think this is the answer to your question - if the MX64 in site B is in NAT mode, you shouldn't be able to ping through it, since anything on the inside is translated to have a single IP.

 

Edit: I've never used AutoVPN - the fact that you have one in NAT mode may be completely irrelevant.

JWvE
Here to help

Yes, I am awfully sorry, this is incredibly silly. I did of course check the Windows firewall. I checked it, however, when I was connected to the office LAN, not after I patched my PC at the MX64. My PC thinks this is a new network and decides to block ICMP as the default setting. I am really sorry to have bothered you, but also very thankful.

PhilipDAth
Kind of a big deal

No worries. It catches everyone out with its dynamic nature.
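
The check that resolved this thread, as an added example that is not part of the original posts: a read-only PowerShell diagnostic, run on the PC that does not answer ping, which lists the network category Windows assigned to each connection and the remote-address scope of the enabled inbound ICMPv4 echo-request rules. It uses the built-in NetConnection and NetSecurity cmdlets; the output column names are chosen here for illustration.

```powershell
# Added example: read-only diagnostic, changes no firewall settings.
# Run on the host that does not answer ping from the remote site.

# 1. Network category Windows assigned to each connected network.
#    A network seen for the first time may be classified differently
#    from the office LAN, which changes the active firewall profile.
$connections = Get-NetConnectionProfile
$connections | Format-Table InterfaceAlias, Name, NetworkCategory -AutoSize

# Map NetworkCategory values to firewall profile names
# (DomainAuthenticated corresponds to the Domain profile).
$activeProfiles = $connections | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' }
    else { [string]$_.NetworkCategory }
} | Sort-Object -Unique
$activePattern = ($activeProfiles -join '|')

# 2. Enabled inbound allow rules for ICMPv4 echo request (type 8 or any type),
#    with the profile they belong to and the remote addresses they accept.
Get-NetFirewallPortFilter -Protocol ICMPv4 |
    Where-Object { $_.IcmpType -match '^(8(:|$)|Any$)' } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow'
    } |
    ForEach-Object {
        $scope = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule             = $_.DisplayName
            Profile          = [string]$_.Profile
            # True when the rule belongs to a profile that is active right now.
            AppliesNow       = ([string]$_.Profile -eq 'Any') -or
                               ([string]$_.Profile -match $activePattern)
            RemoteAddress    = $scope -join ', '
            # True only for an unrestricted scope; LocalSubnet or a custom
            # address list shows False and needs a manual look.
            AnyRemoteAddress = $scope -contains 'Any'
        }
    } | Format-Table -AutoSize -Wrap
```

A rule that applies now with RemoteAddress set to LocalSubnet answers pings from 192.168.71.0/24, including the MX64 at 192.168.71.1, but not from 192.168.148.0/24, which matches the symptom described in the thread.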