Hello,
How do I allow a VPN client with IP adress 192.168.5.118 to have access to a NAS drive located at 192.168.1.3 on the local VLAN?
Note: Meraki does not allow client VPN to use the same subnet/vlan as a local vlan.
Thanks.
If you don't have any ACL to block It, It should work. So I suggest you open a case with Meraki.
Client VPN users may access all subnets within the network by default. In order to control or restrict access for Client VPN users, firewall rules should be implemented.
Layer 3 firewall rules are a powerful tool for permitting and denying Client VPN traffic. Although Client VPN users are considered part of the LAN, network administrators may see a need for limiting overall access. Firewall rules can be used to limit access for VPN users to specific addresses/ports or ranges of addresses. Such as allowing access to most information, but denying access to sensitive resources to VPN users.
This is not true: "Client VPN users may access all subnets within the network by default." If it is show me how. I cannot do it.
It's true man, I've already configured several networks with Client VPN and I'm 100% sure. I just validated in one of the organizations I have access to.
I suggest you review your settings.
Here you can see I am connected to the VPN, but I cannot trace the VLAN.
Here you can see my IP that was assigned by the Meraki VPN, so the connection is live.
Here is my settings for the Client VPN, what do you suggest that I change?
First, you must start with the basics. From your screenshot, I can see that this traffic is not being routed correctly. I remember you once informed me that your ISP's link is configured with CG-NAT, so this seems to me to be something related to your ISP.
The settings I mentioned would be the ACLs, as the VPN configuration is relatively simple.
So I suggest you check with your ISP.
Is it possible that somehow the route from the client VPN got deleted manually by accident? For me it created this route by default (under Security & SDWAN -> Route Table)
It's not possible to delete unless you disable VPN. For me It's a ISP issue.
192.168.1.0/24 is a common subnet used by home users.
If you are using 192.168.1.0/24 from where you are initiating the client VPN, you won't be able to access a server with a 192.168.1.0/24 address.
You would need to change one of the subnets.
I don't think that is the problem, he is using the subnet 192.168.1.0/24 in his office. I use the subnet 192.168.1.0/24 too and I had no issues.