Newbie question on routing

SOLVED
JWvE
Here to help

Newbie question on routing

Hi, we have two sites linked through AutoVPN.

Site A: 192.168.148.0/24, the MX64 has 192.168.148.254.

Site B: 192.168.71.0/24, the MX64 has 192.168.71.1.

My PC is in site B and has 192.168.71.2.

From my PC in site B I can ping any device in site A.

From any device in site A I can ping the MX64 in site B, but I cannot ping my PC.

From the MX64 in site B however I can ping my PC.

 

I don't really understand how that is possible. I must be overlooking something, I am very new to Meraki. 

 

The MX64 in site B is configured in NAT mode. 

The MX64 in site A is in passthrough mode.

 

Devices in site A know about the route to the IP subnet in site through a static route on the default gateway in site A. 

 

From a host in site A:

 

Tracert 192.168.71.1

 

Tracing route to 192.168.71.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.148.1
2 <1 ms <1 ms <1 ms 192.168.148.254
3 8 ms 6 ms 6 ms 192.168.71.1

Trace complete.

 

Tracert 192.168.71.2

 

Tracing route to 192.168.71.2 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.148.1
2 <1 ms <1 ms <1 ms 192.168.148.254
3 * * * Request timed out.
4 * * * Request timed out.

 

I would be very happy if someone could point me in the right direction.

 

Thank you

1 ACCEPTED SOLUTION
PhilipDAth
Kind of a big deal
Kind of a big deal

It sounds like you might have Windows Firewall enabled, which blocks ping outside of your local subnet.

View solution in original post

4 REPLIES 4
Rudi
Getting noticed


 

The MX64 in site B is configured in NAT mode. 

The MX64 in site A is in passthrough mode.

 

I think this is the answer to your question - if the MX64 in site B is in NAT mode - you shouldn't be able to ping through it. Since anything on the inside is translated to have a single IP. 

 

Edit: I've never used AutoVPN - the fact that you have one in NAT mode may be completely irrelevant.

PhilipDAth
Kind of a big deal
Kind of a big deal

It sounds like you might have Windows Firewall enabled, which blocks ping outside of your local subnet.

Yes, I am awfully sorry, this is incredibly silly. I did of course check the Windows firewall. I checked it, however, when I was connected to the office LAN, not after I patched my PC at the MX64. My PC thinks this is a new network and decides to block ICMP as the default setting. I am really sorry to have bothered you, but also very thankful.

PhilipDAth
Kind of a big deal
Kind of a big deal

No worries. It catches everyone out with its dynamic nature.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels