Remote users cannot access a server over Site-to-Site.

SOLVED
Darian
Conversationalist


Hello everyone, 

 

We have a client that has their main HQ that remote users connect to via client VPN, and they also have a site-to-site Azure connection to the HQ that has a file server.

 

The issue here is that when a user connects to client VPN, they cannot reach the Azure file server. I did check and confirmed that the "Client VPN" subnet is allowed to communicate over the site-to-site connection.

 


I also confirmed that I can ping it from a computer that is on the same network as the HQ Meraki. Anyone have any ideas here? 

1 ACCEPTED SOLUTION

Bruce
Kind of a big deal

Re: Remote users cannot access a server over Site-to-Site.

Do you have the routing on the Azure end correctly configured? (Sorry, not an Azure expert).

 

It appears that traffic is traversing the VPN tunnel as you say you can ping the Azure file server from a subnet behind the MX. But is there a path all the way from the Azure file server back to the 172.16.10.0/24 network (i.e. is the Azure routing configured to send 172.16.0.0/24 back through the VPN tunnel)? 


3 REPLIES
Inderdeep
A model citizen

Re: Remote users cannot access a server over Site-to-Site.

@Darian Can you run a packet sniffer while connecting to Azure?

 

Also check the link below:

https://community.meraki.com/t5/Security-SD-WAN/vMX100-Azure-Windows-VPN-client-issues/td-p/31561

 

Regards
Inderdeep Singh
www.thenetworkdna.com

Darian
Conversationalist

Re: Remote users cannot access a server over Site-to-Site.

After looking a little harder, I was able to find where to input the subnet for Azure so it knows where and what is allowed to pass traffic. I assumed you had to add it into the site-site / Azure IP information, but you have to add it into the "remote WAN" section for it to work. Thank you for the help guys!
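
The failure mode in this thread (the far end of the tunnel has no return route for one of the source subnets) can be checked offline by comparing each source subnet against the prefixes the remote side sends back through the tunnel. This is an added example, not code from any poster or from Meraki or Azure; the function names and the HQ LAN subnet 192.168.1.0/24 are assumptions, and 172.16.10.0/24 from the thread is assumed to be the client VPN subnet.

```python
import ipaddress

def uncovered(source_cidr, return_prefixes):
    """Parts of source_cidr that no return prefix covers (empty list = fully routed back)."""
    remaining = [ipaddress.ip_network(source_cidr)]
    for prefix in return_prefixes:
        route = ipaddress.ip_network(prefix)
        still_open = []
        for piece in remaining:
            if piece.version != route.version or not piece.overlaps(route):
                still_open.append(piece)      # route is unrelated to this piece
            elif piece.subnet_of(route):
                continue                      # piece is fully covered by the route
            else:
                # route is narrower than the piece: keep the part it leaves out
                still_open.extend(piece.address_exclude(route))
        remaining = still_open
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]

def return_path_report(sources, return_prefixes):
    """Map each named source subnet to the ranges the remote side cannot reply to."""
    return {name: uncovered(cidr, return_prefixes) for name, cidr in sources.items()}

# Constructed sample data: the HQ LAN value is an assumption, not from the thread.
SOURCES = {"HQ LAN": "192.168.1.0/24", "Client VPN": "172.16.10.0/24"}
BEFORE = ["192.168.1.0/24"]                    # remote side only knows the HQ LAN
AFTER = ["192.168.1.0/24", "172.16.10.0/24"]   # client VPN subnet added on the remote side

if __name__ == "__main__":
    for label, prefixes in (("before", BEFORE), ("after", AFTER)):
        print(label, return_path_report(SOURCES, prefixes))
```

A non-empty list for a subnet means replies from the remote host to that range never enter the tunnel, which matches the symptom of the HQ LAN working while client VPN users time out.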
