I have spent a few hours testing this function but failed to pass traffic when the MX65 is in L2 mode.
The MX65 is connected to the ISP router, which provides NAT.
The VPN is established successfully each time.
No traffic when the MX65 is in Passthrough or VPN Concentrator mode.
It works fine when the MX65 is in Routed mode.
No other changes. It is confirmed that just the mode is the cause of it.
Am I missing any setup to get it to work in Passthrough or VPN Concentrator mode?
I am testing the devices.
ISP router has public IP at WAN end.
ISP router has private IP at LAN end - 192.168.1.1/24
MX65 has static IP at uplink port - 192.168.1.3/24, gateway 192.168.1.1
All devices are working fine behind MX65 for internet.
Only devices connected to VPN don't work.
Test device is IOS
Port forwarding is set up correctly as IOS can establish
The remote device can be seen in client list as online client VPN
What subnet are you handing out for the VPN client devices and do you have a route for that subnet pointed back to your passthrough MX?
Been trying to figure this one out for some time. I added the static routes but never thought I needed to forward the traffic back to the MX and not just my L3 switch.
I created a route for the subnet I had setup in Client VPN, and pointed that right back to the MX.
ping 22.214.171.124 Finally.
The VPN was working for local resources but that was about all.
Thank you for your suggestion; this helped me.
@ChrisKemsley, @PhilipDAth There is no route configured on the ISP router to point back to the VPN subnet. I was not aware of this requirement. I thought the VPN subnet was NATted behind the MX's IP address so the ISP GW won't see the actual VPN subnets. I will test adding a static route on the ISP router and report back. Thank you for the advice.
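
The return-route check discussed in this thread, as an added example that is not part of any poster's message: it models the ISP router's routing table with longest-prefix matching and shows where a reply to a VPN client is sent before and after the static route is added. The client VPN subnet (10.99.0.0/24), the client address, and the "wan"/"lan" hop labels are constructed assumptions; the thread does not state the subnet.

```python
import ipaddress

# Addresses taken from the thread.
ISP_LAN = "192.168.1.0/24"      # ISP router LAN side (192.168.1.1/24)
MX_UPLINK = "192.168.1.3"       # MX65 uplink in passthrough mode

# Constructed values: the thread never states the client VPN subnet.
VPN_SUBNET = "10.99.0.0/24"
VPN_CLIENT = "10.99.0.10"


def next_hop(routes, dst):
    """Return the next hop chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


# ISP router table as described: default route out the WAN, connected LAN.
ISP_ROUTES_BEFORE = [
    ("0.0.0.0/0", "wan"),
    (ISP_LAN, "lan"),
]

# Same table with the static route suggested in the thread.
ISP_ROUTES_AFTER = ISP_ROUTES_BEFORE + [(VPN_SUBNET, MX_UPLINK)]


def return_path_ok(routes):
    """True when replies to a VPN client are handed back to the MX."""
    return next_hop(routes, VPN_CLIENT) == MX_UPLINK


if __name__ == "__main__":
    for name, table in (("before", ISP_ROUTES_BEFORE), ("after", ISP_ROUTES_AFTER)):
        hop = next_hop(table, VPN_CLIENT)
        print(f"{name}: reply to {VPN_CLIENT} -> {hop} (ok={return_path_ok(table)})")
```

Without the static route, the only match for the client address is the default route, so replies leave through the WAN instead of reaching the MX; this is consistent with the tunnel establishing while no traffic passes.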