client VPN cannot access non meraki site to site VPN

hmc250000
Getting noticed

client VPN cannot access non meraki site to site VPN

I cannot access a non meraki site to site VPN (between meraki and cisco asa) unless I enable (advertise) the client VPN subnet under VPN settings. However when I enable the client VPN subnet VPN clients can no longer reach some of the static routes configured to other internal routers and firewalls. 

 

Is there anyway I can fix this?

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

Are some of the subnets overlapping?

 

Advertising the VPN subnet should have no impact on static routing.

hmc250000
Getting noticed

Yes, some of the subnets are overlapping. The summarized subnet is enabled (or advertised) in Meraki VPN settings however the smaller subnet is not.

 

for example

specific subnet 172.16.1.1 mask 255.255.255.0

summarized subnet 172.16.0.0 mask 255.255.0.0

 

Should I advertise the smaller subnet? the summarized should work regardless right?

PhilipDAth
Kind of a big deal
Kind of a big deal

I don't know enough about your network, but worth a try.  You can always roll the change back.

hmc250000
Getting noticed

Resolved now. Sorry this was a misconfiguration on our part. A more specific route was incorrectly added in a site to site VPN.

 

 

Can't find a way to delete this.

You can delete this

Get notified when there are additional replies to this discussion.