VPN client to access NAS drive on local VLAN

ErnstTFD
Getting noticed

VPN client to access NAS drive on local VLAN

Hello,

 

How do I allow a VPN client with IP adress 192.168.5.118 to have access to a NAS drive located at 192.168.1.3 on the local VLAN?

 

Note: Meraki does not allow client VPN to use the same subnet/vlan as a local vlan.

 

Thanks.

10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal

@ErnstTFD,

 

If you don't have any ACL to block It, It should work. So I suggest you open a case with Meraki.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

Restricting Client VPN access using Layer 3 firewall rules

 

Client VPN users may access all subnets within the network by default. In order to control or restrict access for Client VPN users, firewall rules should be implemented.

 

Layer 3 firewall rules are a powerful tool for permitting and denying Client VPN traffic. Although Client VPN users are considered part of the LAN, network administrators may see a need for limiting overall access. Firewall rules can be used to limit access for VPN users to specific addresses/ports or ranges of addresses. Such as allowing access to most information, but denying access to sensitive resources to VPN users.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ErnstTFD
Getting noticed

This is not true: "Client VPN users may access all subnets within the network by default." If it is show me how. I cannot do it.

It's true man, I've already configured several networks with Client VPN and I'm 100% sure. I just validated in one of the organizations I have access to.

I suggest you review your settings.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Here you can see I am connected to the VPN, but I cannot trace the VLAN.

Capture11.PNG

Here you can see my IP that was assigned by the Meraki VPN, so the connection is live.

Capture12.PNG

Here is my settings for the Client VPN, what do you suggest that I change?

Screenshot 2022-10-17 144313.png

@ErnstTFD,

 

First, you must start with the basics. From your screenshot, I can see that this traffic is not being routed correctly. I remember you once informed me that your ISP's link is configured with CG-NAT, so this seems to me to be something related to your ISP.

The settings I mentioned would be the ACLs, as the VPN configuration is relatively simple.

So I suggest you check with your ISP.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Is it possible that somehow the route from the client VPN got deleted manually by accident?  For me it created this route by default (under Security & SDWAN -> Route Table) 

GregCostanzo_0-1666012910102.png

 

It's not possible to delete unless you disable VPN. For me It's a ISP issue.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

192.168.1.0/24 is a common subnet used by home users.

 

If you are using 192.168.1.0/24 from where you are initiating the client VPN, you won't be able to access a server with a 192.168.1.0/24 address.

 

You would need to change one of the subnets.

@PhilipDAth,

 

I don't think that is the problem, he is using the subnet 192.168.1.0/24 in his office. I use the subnet 192.168.1.0/24 too and I had no issues.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels