VPN Client with Site-to-Site VPN

LucL
Here to help

VPN Client with Site-to-Site VPN

Hello,

 

I got some problem to configure my Client VNP to access to the second site on Site-to-Site VPN.

 

The organisation is :

Site 1 - Main site - configured in Hub (in Site-to-Site setting)

IP : 192.168.111.0/24 and 192.168.110.0/24

 

Site 2 - Second site - configured in Spoke (in Site-to-Site setting)

IP : 192.168.113.0/24

 

The Client VPN is configured on the Site 1.

 

I have access to the Site 1 with my VPN Client.

But I don't have access to the Site 2.

I don't really want to configure a new VPN Client on Site 2, I would like to prefer if the VPN Client from Site 1 have access to Site 2.

 

On the Site-to-Site setting in the Site 1, I have approved the Client VPN in VPN mode.

LucL_0-1660732500286.png

 

On the Site-to-Site setting in the Site 2, I have this :

LucL_1-1660732613803.png

LucL_2-1660732633063.png

 

Does anyone have a suggest ?

Thank you

 

Luc

 

 

 

8 Replies 8
ww
Kind of a big deal
Kind of a big deal

Are you using split or full tunnel client vpn?

Do you have any sts-vpn firewall rules configured?

LucL
Here to help

Hi @ww ,

 

Where do you see if it's split of full tunnel client ?

I think full tunnel, but I don't see this option in the VPN Client / IPsec Settings webpage.

 

For the Site-to-Site VPN, The Inbound firewall logging is Enable, but there are no rules in the Site-to-site outbound firewall.

 

PhilipDAth
Kind of a big deal
Kind of a big deal

That should work.

 

On site 2, if you look in the route table for the client VPN subnet does it show a route via site 1?

LucL
Here to help

Hi @PhilipDAth ,

 

No, I don't see this route with the client VPN.

Here is the route table for the site 2:

LucL_0-1660746454269.png

 

PhilipDAth
Kind of a big deal
Kind of a big deal

172.16.2.0/24 is in the route table (second to bottom).

 

Have you got a second client you can test with?  I'm most suspicious of the computer running the client VPN having the issue.

LucL
Here to help

Oh yes I didn't see it

Ok I will try this week-end at home and I will come back to you next week 🙂

 

Thank you for the response !

LucL
Here to help

I have tried with a other computer, I got the same issue.

I can't have access to the second site with the VPN.

 

For your information, firewall are in MX.16.16.4

 

Luc

LucL
Here to help

Does anyone know how to have access to the route log, if I can see something ?

 

Luc

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels