Remote users cannot access a server over Site-to-Site.

SOLVED
Darian
Here to help

Hello everyone, 

 

We have a client that has their main HQ that remote users connect to via client VPN, and they also have a site-to-site Azure connection to the HQ that has a file server.

 

The issue here is that when a user connects to client VPN, they cannot reach the Azure file server. I did check and confirmed that the "Client VPN" subnet is allowed to communicate over the site-to-site connection.

 

 

I also confirmed that I can ping it from a computer that is on the same network as the HQ Meraki. Anyone have any ideas here? 

1 ACCEPTED SOLUTION
Bruce
Kind of a big deal

Do you have the routing on the Azure end correctly configured? (Sorry, not an Azure expert).

 

It appears that traffic is traversing the VPN tunnel as you say you can ping the Azure file server from a subnet behind the MX. But is there a path all the way from the Azure file server back to the 172.16.10.0/24 network (i.e. is the Azure routing configured to send 172.16.0.0/24 back through the VPN tunnel)? 


2 REPLIES 2
After looking a little harder, I was able to find where to input the subnet for Azure so it knows where and what is allowed to pass traffic. I assumed you had to add it into the site-site / Azure IP information, but you have to add it into the "remote WAN" section to work. Thank you for the help, guys!
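
The return-path check discussed in this thread, as an added example that is not part of the original posts: a longest-prefix match over the far side's routes shows which on-premises source subnets get their replies sent back through the tunnel. Only 172.16.10.0/24 comes from the thread; the HQ LAN prefix, the Azure address space, the next-hop names and both route lists are constructed for illustration.

```python
import ipaddress

def return_next_hop(routes, source_subnet):
    """Longest-prefix match on the far side's routes for a whole source subnet.

    routes: list of (prefix, next_hop) pairs. Returns the next hop of the most
    specific route that fully contains source_subnet, or None if nothing does.
    A route covering only part of the subnet does not count as coverage.
    """
    src = ipaddress.ip_network(source_subnet)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == src.version and src.subnet_of(net):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, hop)
    return best[1] if best else None

def audit_return_paths(routes, sources, tunnel="vpn-tunnel"):
    """Map each source name to True if its replies go back via the tunnel."""
    return {name: return_next_hop(routes, subnet) == tunnel
            for name, subnet in sources.items()}

# Constructed sample data (hypothetical names and prefixes, except the
# client VPN subnet 172.16.10.0/24, which is the one named in the thread).
SOURCES = {"hq-lan": "192.168.1.0/24", "client-vpn": "172.16.10.0/24"}
ROUTES_BEFORE = [
    ("10.1.0.0/16", "local"),            # Azure-side address space
    ("192.168.1.0/24", "vpn-tunnel"),    # HQ LAN advertised to the far side
    ("0.0.0.0/0", "internet"),           # default route
]
# Same table once the client VPN subnet is also declared as a remote prefix.
ROUTES_AFTER = ROUTES_BEFORE + [("172.16.10.0/24", "vpn-tunnel")]

if __name__ == "__main__":
    for label, routes in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        for name, ok in audit_return_paths(routes, SOURCES).items():
            hop = return_next_hop(routes, SOURCES[name])
            print(f"{label:6} {name:10} replies via {hop}: "
                  f"{'ok' if ok else 'NO RETURN PATH THROUGH TUNNEL'}")
```

In the "before" table the HQ LAN works while the client VPN subnet falls through to the default route, which matches the symptom of ping succeeding from the HQ network but not from VPN clients.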
