Weird Routing Behaviour

JonnyTec

I have just replaced a Draytek with a Meraki MX68. The internal network range is 192.168.1.0/24, the MX is on .254, same as the old Draytek. I have another network accessible via a Cisco router (I don't manage this) connected to my switch; the switch IP is 192.168.1.40. The router for this network is IP 192.168.1.57, and the other network behind this (a manufacturing system) is addressed 10.101.0.0/16.

I can access the 2 devices in the 10.101.0.0 network (10.101.50.1 / 10.101.50.2) from 192.168.1.0/24 without issue: mapped drives, software that accesses this platform, etc. all run with no issues.

I have just set up a remote access VPN on the Meraki; the subnet I've set up for this is 192.168.2.0/24.

From the VPN I can access all devices in the 192.168.1.0/24 network, with no issues at all. I am unable to talk to any devices on the 10.101.0.0 network.

The MX has a static route added to 10.101.0.0/16 via 192.168.1.57.

What could be the issue stopping me reaching the 10.101.0.0 network?

Any help appreciated.

Ryan_Miles
Meraki Employee

Does the router 192.168.1.57 know how to reach the 192.168.2.0/24 client VPN subnet?

Hi Ryan - your first question:

Do you have the static route set for VPN mode enabled?

Where is that setting? If I've set a static route, isn't that the same? Is there a VPN routing section?

Second question:

The 192.168.1.57 router has the Meraki set as its DG, I assume... (I have no access to this currently)

ww
Kind of a big deal

Sounds like the other router doesn't know the way back to 192.168.2.0/24.

Make a packet capture on the LAN where that router is connected. Start a ping from a VPN client. Check whether the ICMP traffic is sent on the LAN to that 192.168.1.57 router and whether you receive return traffic back to that VPN client.
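
Added example, not part of the thread: one way to read the capture described above, pairing each ICMP echo request from the 192.168.2.0/24 VPN subnet to 10.101.0.0/16 with its reply. It assumes the capture is available as `tcpdump -n` style text; the sample lines, the client address 192.168.2.10 and the LAN host 192.168.1.20 are constructed.

```python
import ipaddress
import re

VPN_NET = ipaddress.ip_network("192.168.2.0/24")    # client VPN subnet (from the thread)
REMOTE_NET = ipaddress.ip_network("10.101.0.0/16")  # network behind 192.168.1.57

# Assumed input: one packet per line in `tcpdump -n` text form.
ICMP_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def diagnose(capture_text):
    """Return (verdict, unanswered) for VPN-client pings to the remote network."""
    requests, replies = set(), set()
    for line in capture_text.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if m["kind"] == "request" and src in VPN_NET and dst in REMOTE_NET:
            requests.add((str(src), str(dst), int(m["id"]), int(m["seq"])))
        elif m["kind"] == "reply" and src in REMOTE_NET and dst in VPN_NET:
            # Key the reply like the request it answers: (client, target, id, seq).
            replies.add((str(dst), str(src), int(m["id"]), int(m["seq"])))
    unanswered = sorted(requests - replies)
    if not requests:
        verdict = "no-requests-on-lan"  # pings never reached this LAN segment
    elif unanswered:
        verdict = "no-return-traffic"   # requests seen, matching replies missing
    else:
        verdict = "ok"
    return verdict, unanswered

# Constructed sample: a LAN host gets replies, the VPN client (192.168.2.10) does not.
SAMPLE = """\
10:00:01.100 IP 192.168.1.20 > 10.101.50.1: ICMP echo request, id 3, seq 1, length 64
10:00:01.102 IP 10.101.50.1 > 192.168.1.20: ICMP echo reply, id 3, seq 1, length 64
10:00:02.200 IP 192.168.2.10 > 10.101.50.1: ICMP echo request, id 7, seq 1, length 64
10:00:03.200 IP 192.168.2.10 > 10.101.50.1: ICMP echo request, id 7, seq 2, length 64
"""

if __name__ == "__main__":
    verdict, unanswered = diagnose(SAMPLE)
    print(verdict)
    for client, target, icmp_id, seq in unanswered:
        print(f"no reply: {client} -> {target} id={icmp_id} seq={seq}")
```

A `no-return-traffic` verdict is what the missing return route suggested in the replies would produce, while `no-requests-on-lan` points back at the MX side of the path.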
