Site to Site VPN unable to reach clients behind MX

glodge
New here

Site to Site VPN unable to reach clients behind MX

Have a site to site vpn configured between 7 sites and we cannot connect to devices on the local lan on each site from another site.

We can access and ping the MX devices in each site without issue just nothing behind them.

I've ben though the VPN firewalls an device firewalls and both set to any any default rule.

Checked subnets are not overlapping

Checked VPN status is up

 

Anything obvious I'm missing here. done a heap of these and never experienced this.

4 REPLIES 4
Slobs2
Getting noticed

Did you turn on VPN participation on the site-to-site VPN settings page for each VLAN you want to have access to over VPN?

https://documentation.meraki.com/MX/Site-to-site_VPN/Site-to-Site_VPN_Settings

Yeah one of the first things we did. there are 3-4 vlans in each site with 2 published to the WAN the others excluded

 

Slobs2
Getting noticed

Check for any group policy firewall rules;such as ones applied to VLANS.

Bruce
Kind of a big deal

If you go to Security & SD-WAN -> Route Table, does the route table on the MXs show the IP addresses of the remote sites, and are they shown as being accessible via a Meraki VPN?

Bruce_0-1622519277659.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels