Site to Site VPN no onsite DHCP server

TreyT
Conversationalist

Hi all, let me start by saying I'm extremely new to the IT game. I recently set up an MX device at two locations. The goal is to be able to share files over the VPN tunnel. I set up the site-to-site VPN configuration, and the VPN status is showing no issues. I'm able to ping a computer successfully on the other end of the tunnel. I also tested that if I search for a printer by IP I'm able to connect to it. The issue I'm having is that none of the devices can find each other by searching the network. I do not have any form of on-site DHCP server set up and I'm assuming that is my issue. Is there a way to get the two MX devices to share DHCP info? If not, is there an easy-to-use DHCP server program I can set up on Windows 10 Pro? Thanks in advance for any help.

GaryShainberg
Building a reputation

Hi there,

Great to meet you. Your post is a little confusing, so I will try and clarify a few things.

I assume you have two sites with an MX at each site and therefore each MX is acting as a DHCP server for each site.

In "addressing and vLAN" have you enabled multiple vLANs and created an IP range for the local network at each site? The standard setting is one LAN (192.168.128.0/24).

In the site-to-site setup in VPN settings, what network have you allowed in the VPN?

It may be worth drawing the two networks out to start with and sharing it (just a hand drawing and take a pic).

Then I (we) can help further.

Regards

Gary

CTO & Solutioneer
CMNA, CMNO, ECMS2
SNSA, SNSP
~~If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.~~

At both locations I have set up 2 VLANs, one for the IP camera systems and one for the PCs/printers. I have allowed VLAN 1 to the VPN on each of the MX devices. I am using the MX for DHCP at each site also. VLAN 1 at site 1 is using 192.168.128.0/24, VLAN 1 at site 2 is using 192.168.127.0/24. I can ping across the VPN tunnel and get a response, or if I go to network > add a device and specify the printer's IP at the other site I am able to make a connection. The issue I'm having is if I search for the PCs on the other side of the tunnel to try and share files I can't find them.

GaryShainberg
Building a reputation

Hi there,

Sorry for the late reply from yesterday, been a little manic. (My dear community friend) @PhilipDAth has given you the main answer, as basically the whole MS ethos is LAN based and does not normally support WAN environments.

You should be able to ping each of the PCs on the alternative sites, assuming the W10 firewall allows it, but remember that the W10 firewall also, by default, blocks traffic from non-local networks, so this may also be an issue.

You should be able to use smb://IPnumber/sharename

For the future, I would recommend from a network architecture point of view to always leave the management vLAN as 192.168.128.0/24 and then create additional vLANs for the end-points, leaving the infrastructure on the management vLAN, and always leave the uplink ports as trunk ports.

Hope all this helps. Feel free to ask if not.

Regards

Gary

PhilipDAth
Kind of a big deal

The "Network Neighbourhood" relies on NetBIOS or LLMNR to show machines, and in both cases it only shows you computers on the local LAN, not remote networks.

What you are experiencing is exactly how Microsoft designed it to work.

TreyT
Conversationalist

Thank you. I apologize for my ignorance, but I'm very new to this. If I were to assign static IP addresses in the MX device, could I then go into the lmhosts file and add the IP and device name, and then be able to find the device on the other LAN?
GIdenJoe
Kind of a big deal

If everything is part of a windows domain, can't you just use DNS?

GaryShainberg
Building a reputation

You could, but you would either have to create a local host file for each PC or have a DNS server where you have access to the host file and can set up the A records on it.

You would still have to use SMB for access to the remote site.
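The pieces discussed in this thread (the Windows 10 firewall blocking non-local subnets, a hosts-file entry per remote PC, and SMB to the remote site) can be combined as below. This is an added example, not something posted by the participants; the peer subnet is taken from the thread, while the host name `SITE2-PC01` and address `192.168.127.50` are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Run on a PC at site 1; at site 2, swap $PeerSubnet to 192.168.128.0/24.
# Assumption: remote PCs have fixed addresses (e.g. fixed IP assignments on the MX),
# otherwise the hosts entries below go stale.
$PeerSubnet  = '192.168.127.0/24'                      # site 2 VLAN 1, from the thread
$RemoteHosts = @{ 'SITE2-PC01' = '192.168.127.50' }    # hypothetical name and address
$HostsPath   = "$env:SystemRoot\System32\drivers\etc\hosts"

# 1. Firewall: let the enabled inbound file-sharing rules accept the peer site
#    in addition to the local subnet, instead of widening the scope to "Any".
#    'File and Printer Sharing' is the display group name on English Windows.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Set-NetFirewallRule -RemoteAddress @('LocalSubnet', $PeerSubnet)

# 2. Name resolution: add one hosts entry per remote PC, skipping names that
#    are already present so the script can be re-run safely.
foreach ($name in $RemoteHosts.Keys) {
    $pattern = "\s$([regex]::Escape($name))(\s|$)"
    if (-not (Select-String -Path $HostsPath -Pattern $pattern -Quiet)) {
        Add-Content -Path $HostsPath -Value "$($RemoteHosts[$name])`t$name"
    }
}

# 3. Verify: the name must resolve to the remote address and SMB (TCP/445)
#    must answer through the tunnel. The share is then reachable in Explorer
#    as \\SITE2-PC01\sharename.
foreach ($name in $RemoteHosts.Keys) {
    $result = Test-NetConnection -ComputerName $name -Port 445 -WarningAction SilentlyContinue
    '{0} -> {1}  TCP/445 reachable: {2}' -f $name, $result.RemoteAddress, $result.TcpTestSucceeded
}
```

If step 3 reports `False` while ping works, check that the PC hosting the share has had step 1 applied with the other site's subnet.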