Meraki

Community

no acces to corporate hosts.. no default gateway with client VPN connection

sergiy
Comes here often
‎Nov 29 2018 6:45 AM
‎Nov 29 2018 6:45 AM

no acces to corporate hosts.. no default gateway with client VPN connection

Hi All,

I enabled client VPN on MX250. And have the next situation. The user can connect to this VPN, can use the Internet. But cannot connect to any corporate hosts. By the way, client default gateway is 0.0.0.0 

There are no any additional rules on the firewall, no any additional routes.

How I can config routing between Client VPN network and my Corporate Network (only one line in Addressing config)?

I cannot add any routes with a network like a client VPN network.

 

Thanks,

Sergiy.

0 Kudos
9 Replies 9
NolanHerring
Kind of a big deal
‎Nov 29 2018 7:01 AM
‎Nov 29 2018 7:01 AM

Can you provide a screenshot of how you have your Addressing & VLAN config page setup
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
sergiy
Comes here often
‎Nov 29 2018 7:19 AM
‎Nov 29 2018 7:19 AM

hi, nothing special....

Addressing & VLANs - Meraki Dashboard.pngClient VPN Configuration - Meraki Dashboard.png

0 Kudos
In response to sergiy
jdsilva
Kind of a big deal
‎Nov 29 2018 7:31 AM
‎Nov 29 2018 7:31 AM

You don't have any oddball firewall rules that are blocking this by chance?

 

And when you say they can't connect, what do you mean by that? What are you trying to do exactly that's not working?

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to jdsilva
sergiy
Comes here often
‎Nov 29 2018 8:14 AM
‎Nov 29 2018 8:14 AM

firewall rules are - allow all

 

info from client (VPN connected):

Адаптер PPP meraki:

   DNS-суффикс подключения . . . . . :
   Описание. . . . . . . . . . . . . : meraki
   Физический адрес. . . . . . . . . :
   DHCP включен. . . . . . . . . . . : Нет
   Автонастройка включена. . . . . . : Да
   IPv4-адрес. . . . . . . . . . . . : 192.168.1.125(Основной)
   Маска подсети . . . . . . . . . . : 255.255.255.255
   Основной шлюз. . . . . . . . . : 0.0.0.0
   DNS-серверы. . . . . . . . . . . : 10.10.1.1
                                       10.10.1.2
   NetBios через TCP/IP. . . . . . . . : Включен

 

 

c:\Users\User>ping 10.10.1.1

Обмен пакетами с 10.10.1.1 по с 32 байтами данных:
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.

Статистика Ping для 10.10.1.1:
    Пакетов: отправлено = 2, получено = 0, потеряно = 2
    (100% потерь)
Control-C
^C
C:\Users\User>ping 8.8.8.8

Обмен пакетами с 8.8.8.8 по с 32 байтами данных:
Ответ от 8.8.8.8: число байт=32 время=39мс TTL=42
Ответ от 8.8.8.8: число байт=32 время=37мс TTL=42
Ответ от 8.8.8.8: число байт=32 время=36мс TTL=42

Статистика Ping для 8.8.8.8:
    Пакетов: отправлено = 3, получено = 3, потеряно = 0
    (0% потерь)
0 Kudos
In response to sergiy
NolanHerring
Kind of a big deal
‎Nov 29 2018 8:19 AM
‎Nov 29 2018 8:19 AM

Can you provide a full ipconfig/all output please
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
In response to NolanHerring
sergiy
Comes here often
‎Nov 30 2018 1:47 AM
‎Nov 30 2018 1:47 AM

HI 

 

> ipconfig /all

Настройка протокола IP для Windows

   Имя компьютера  . . . . . . . . . : nb7
   Основной DNS-суффикс  . . . . . . : soft.local
   Тип узла. . . . . . . . . . . . . : Гибридный
   IP-маршрутизация включена . . . . : Нет
   WINS-прокси включен . . . . . . . : Нет
   Порядок просмотра суффиксов DNS . : soft.local

Адаптер PPP meraki:

   DNS-суффикс подключения . . . . . :
   Описание. . . . . . . . . . . . . : meraki
   Физический адрес. . . . . . . . . :
   DHCP включен. . . . . . . . . . . : Нет
   Автонастройка включена. . . . . . : Да
   IPv4-адрес. . . . . . . . . . . . : 192.168.1.125(Основной)
   Маска подсети . . . . . . . . . . : 255.255.255.255
   Основной шлюз. . . . . . . . . : 0.0.0.0
   DNS-серверы. . . . . . . . . . . : 10.10.1.1
                                       10.10.1.2
   NetBios через TCP/IP. . . . . . . . : Включен

Адаптер беспроводной локальной сети Беспроводная сеть:

   DNS-суффикс подключения . . . . . :
   Описание. . . . . . . . . . . . . : Realtek RTL8723AU Wireless LAN 802.11n USB 2.0 Network Adapter
   Физический адрес. . . . . . . . . : 2C-D0-5A-E6-60-38
   DHCP включен. . . . . . . . . . . : Да
   Автонастройка включена. . . . . . : Да
   IPv4-адрес. . . . . . . . . . . . : 192.168.100.56(Основной)
   Маска подсети . . . . . . . . . . : 255.255.255.0
   Аренда получена. . . . . . . . . . : Friday, November 30, 2018 10:58:06
   Срок аренды истекает. . . . . . . . . . : Friday, November 30, 2018 11:43:05
   Основной шлюз. . . . . . . . . : 192.168.100.1
   DHCP-сервер. . . . . . . . . . . : 192.168.100.1
   DNS-серверы. . . . . . . . . . . : 8.8.8.8
                                       
   NetBios через TCP/IP. . . . . . . . : Включен
0 Kudos
In response to sergiy
NolanHerring
Kind of a big deal
‎Nov 29 2018 7:36 AM
‎Nov 29 2018 7:36 AM

Out of curiosity, the client that is VPN into your network. What is their local subnet setup for? Is it also 192.168.1.0/24 ?
Nolan Herring | nolanwifi.com
TwitterLinkedIn
In response to NolanHerring
jdsilva
Kind of a big deal
‎Nov 29 2018 7:38 AM
‎Nov 29 2018 7:38 AM

@NolanHerring wrote:
Out of curiosity, the client that is VPN into your network. What is their local subnet setup for? Is it also 192.168.1.0/24 ?

Hah! Nice catch. I looked at that and it didn't even register. 

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to jdsilva
NolanHerring
Kind of a big deal
‎Nov 29 2018 7:40 AM
‎Nov 29 2018 7:40 AM

Luckily I had coffee this morning otherwise I too would never have thought to ask lol
Nolan Herring | nolanwifi.com
TwitterLinkedIn
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.