vMX100 in Azure - Client VPN - can't ping MX

Solved
Poom22
Here to help


This is a duplicate of https://community.meraki.com/t5/Security-SD-WAN/Azure-vMX-100-Unable-to-ping-vmx100-in-Azure-when-co... but the solution there does not work for myself and some others in that thread.

 

I have a vMX100 in Azure 

Deployed to VNet address space 10.101.0.0/16 (adding address space for client VPN was the fix above)

IP 10.101.1.4

Deployed Client VPN Range 10.101.3.0/24 - Connects well and gets IP. I've set it to split tunneling mode and done the reg fix in the setup guide

Added the MX range 101.101.1.0/24 in local networks - in VPN ON


But I simply can't ping the MX on its internal address from the client VPN

 

I have tried to add the client VPN range as a subnet in the Azure VNet so it can 'register' that as a location that exists, but it still doesn't work

 

I have added routing for the client VPN range to go to the vMX100, but it can't even ping it, so I know that won't do anything

 

Meraki support say it's an Azure routing issue so they can't help further

 

Anyone got round this?

1 Accepted Solution
Poom22
Here to help

Solved this in the end.

 

https://imgur.com/a/GmP0gTa

 

These routes fixed it above, applying to the client VPN subnet (101.3) and gateway subnet to work with my MS ExpressRoute.

I never could ping the MX NATted IP in the end on its private IP, but it seemed to work in the end.

This is probably really stupid, but once I woke up and realised that the MX had to have its own IP in the Client VPN range, I figured the Azure routing out. I was trying to route traffic via the main NATted IP of the MX I set in the config, but really I needed to do it via this hidden client VPN IP of the MX I didn't know existed.


3 Replies
PhilipDAth
Kind of a big deal

You should definitely be able to ping the MX's internal IP address from the client VPN.

 

This suggests to me there is something wrong on the client side. Does this work when you are doing a full tunnel? If it does, then it is something wrong with the split tunnel configuration.

Poom22
Here to help

Full Tunnel doesn't work, can't ping the gateway still

 

LAN packet capture doesn't register anything


Tried a couple of client devices and all the same

 

I've seen a few people saying they added the client VPN range into the address space of the VNet individually, which is the only thing I haven't done, as I have a supersubnet in there, 10.101.0.0/16, which contains my client VPN range. But this would mean I'd have to remake it all to rejig it around, and it doesn't really make sense why that would work anyway, so I'm a bit lost here.

