Hi,
We have just received a new set of Meraki hardware to be deployed across two sites. Both network are freshly created and each is just a single native VLAN with no L3 or L7 walls. Both sites are to be connected by a Meraki site-to-site VPN.
SITE/NETWORK A - Factory (192.168.128.0/24 - MX IP 192.168.128.1)
1 x MX84
SITE/NETWORK B - Packing (192.168.15.0/24 - MX IP 192.168.15.1)
1 x MX68
1 x MR33
We are work shopping this setup now with both sites connected to the internet behind separate NAT firewalls, SITE B is behind a USB 4G cel model and SITE A is behind a DSL modem. With site-to-site enabled on both networks we get a successful VPN registry and NAT friendly traversal - happy days. However for some reason PCs connected to either MX can't communicate with ones on the other MX. Both MX's can ping each others internal LAN IP addresses using the Appliance status > Tools page > ping pool, and this stops working if I "un-export" either subnet on either MX which leads me to think data is passing. Both MX's can't pint clients on the other's network except for the MX84 at SITE A which can ping the MR33 at SITE B.
At this point I don't really see what else to try, as mentioned earlier both networks are freshly created with next to no changes apart from the S2S VPN settings.
Could it be that both MX's are behind NAT and this is causing issues on data passing however both MX's and networks report successful VPN connectivity.
I should also mention that I'm not onsite right now and am performing these configurations and tests remotely. I won't be onsite until later this week for deployment - at an industrial farm off the beaten track - so I'd like to see if anyone has seen this before. When we do go to site to install the MX84, it will no longer be behind a NAT, leaving only the MX67 to behind the USB 4G modem NAT.
Thanks in advance for any info.
Jason
