I have set up a non-Meraki VPN tunnel.
I cannot figure out how to include the client VPN network range in the tunnel configuration. It only allows me to choose existing Meraki networks, but there is no option for the client VPN range.
I'm a bit grey on this one, but I'm about 75% sure that no matter what you configure, ClientVPN cannot be used to access remote resources on the other side of a non-Meraki VPN.
Put the client VPN VLAN in a static route under "VLANS-Routes" and make the next hop IP the range of the destination subnet of the non-Meraki peer.
I think you are right. For the MX devices the Client VPN is just a "local network".
I think the important part of the configuration is on the non-Meraki peer, since it needs a route back to the MX for all your subnets, if this does not work when including it.
EDIT: quick Google search: I think you are looking for this
Here is the answer supplied by Meraki Support:
In order to advertise the addresses from a Meraki client VPN to the non-Meraki devices, go to Security Appliance > Configure > Site to Site VPN, and then under VPN Settings and then Local Networks, you'll see the IP range there (currently the range is set to 192.168.55.0/24) and then set Use VPN to "Yes".
My issue with the whole thing is how disjointed things are to simply create a VPN tunnel. I have general complaints about the process with Meraki. Sometimes it is an improvement to do things differently than others, but in the case of VPN, which is built on a standard, it's weird and frustrating that the various pieces necessary for building a tunnel are in different places. It's not built using a straightforward workflow for the various steps required.
Also a complaint, since I'm already ranting: when I created the non-Meraki tunnel I added two Meraki sites. This visually appears to be one tunnel with two network ranges, but that's not what's happening under the hood. It's actually building two separate tunnels from each device. That took a lot of time to figure out... and it's silly.
Thus endeth the rant.
You just need to add the Private Subnet for the Client VPN on the:
- Organization-wide settings
- Options in this section apply to all VPN peers in this organization.
- Non-Meraki VPN peers
Add that Client VPN subnet there, and all the VPN client traffic will be allowed to see the other end of the tunnel.