Meraki

Community

VPN VLAN Issue - Cannot Ping clients between VLANs

GenoBlack
Here to help
‎Feb 29 2020 11:37 AM
‎Feb 29 2020 11:37 AM

VPN VLAN Issue - Cannot Ping clients between VLANs

Greetings.

 

 

Fairly basic issue but I can't seem to place the issue reading the documentation.  I setup Client VPN on my MX84 and it's working fine on my win 10 machine with an up to date OS.  I’ve configured the MX 84 to give out a DCHP range of 10.1.1.0/24 over VLAN 1. My VPN Client setup is VLAN 9 and giving out 10.9.1.0/24. All is well with addressing and I can ping the gateway of 10.1.1.1 when connected via VPN. However, I cannot ping or connect to clients in VLAN 1. I have the Client VPN setup to allow LAN. Can you help me define what I am missing?

Thank you in advance

0 Kudos
6 Replies 6
BrechtSchamp
Kind of a big deal
‎Feb 29 2020 12:11 PM
‎Feb 29 2020 12:11 PM

Is the MX84 the default gateway for devices on VLAN 1? Are the devices you're trying to ping configured to respond to pings from outside their own subnet?

 

If on Windows:

https://www.faqforge.com/windows/windows-10/how-to-allow-ping-trough-the-firewall-in-windows-10/

 

Also, if those devices have any other SW firewalls installed, you may have to disable those or edit their settings too.

In response to BrechtSchamp
GenoBlack
Here to help
‎Feb 29 2020 3:06 PM
‎Feb 29 2020 3:06 PM

Thank you. 

 

So here is other dynamic.  There is currently no Domain.  So there is no group policy. There will be soon but one step at a time.

 

I will check the setting on the client.  I know mine allows pings.  I'll take a look and thank you again.

 

P.S. The MX84 is the default gateway for all devices on VLAN 1 yes

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 29 2020 1:01 PM
‎Feb 29 2020 1:01 PM

The client VPN subnet should be unique and not in use anywhere else on your network.  It should not be assigned to any VLAN.

In response to PhilipDAth
GenoBlack
Here to help
‎Feb 29 2020 3:10 PM
‎Feb 29 2020 3:10 PM

Thank you much for your reply.

 

So I definitely have the VPN set to issue IPs not anyone else on the network. The 10.9.1.0 subnet is unique.  I set it up as a separate vlan only because I thought it was best practice.

 

 

0 Kudos
In response to PhilipDAth
GenoBlack
Here to help
‎Feb 29 2020 3:57 PM
‎Feb 29 2020 3:57 PM

So looking at my config again, I do not have the VPN on VLAN.  It is on a different subnet (defined).  Again, I can ping that gateway, but I can't see or ping that desktop.  

0 Kudos
GenoBlack
Here to help
‎Feb 29 2020 4:04 PM
‎Feb 29 2020 4:04 PM

Alrighty all.

 

I want to thank you for your tips and guidance.

 

I am smarter than I thought I was, yet still pretty dumb, because I attempted to remote in to the client in question and it worked.  Though I couldn't ping it, I could remote, proving my Client VPN can share resources between the subnets,

 

(I had previously allowed remote access on the PC in question)

 

The ping issues must indeed be the client firewall configurations.  So I am in business.  I guess I should have tried the ultimate goal before thinking I had an issue.

 

I might still enable Ping through group policy when I roll out Azure AD but for now I am good.

 

Thank you again for your help.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.