Forum Discussion
Unable to connect to resources via site to site vpn using Meraki VMX100
Hope you’re well.
Can you confirm your route tables and that they’re connected to the correct subnets?
I’m not familiar with the Meraki vmx specifically but will try to assist.
Thanks
- Sharyn_S, Oct 21, 2020, Copper Contributor
My route tables look correct. I've attached a network diagram. If you look at the diagram, it's the part at the top, in Azure, where the two-way connection is not happening. The Azure resources are not passing traffic back to the vmx.
According to Cisco, there is 2-way communication between the Azure vmx and the on-premise Meraki.
- IrishTechie, Oct 21, 2020, Brass Contributor
Thanks for sharing the diagram.
So if I read it right, your EliteU subnet should have a route table attached that looks a bit like:
- 0.0.0.0/0 > Next Hop Appliance: 10.0.9.4
Can you ping the internal interface of the VMX from the EliteU subnet? Can you do a tracert to the internet, Google or something and post the results? That’s assuming internet traffic is running via the VMX.
Also, sorry, could you confirm what your address space in your Azure VNET is? As the default 10.0.0.0/16 would overlap with your on-premise.
Edit: corrected as I misread diagram.
- Sharyn_S, Oct 21, 2020, Copper Contributor
The Meraki vmx100 is not supposed to route to the internet. It is being used as a VPN concentrator and routes outgoing traffic to my on-premises (HQ) Meraki. I am able to ping through the VPN tunnel to the HQ Meraki via IP address. I am also able to ping from HQ up the tunnel to the IP address of the vmx100. The tunnel is passing traffic; the issue seems to be with the Azure resource routing to the vmx100.
I can't ping the vmx100 from the VM that I have set up. Here is the route table I have set up for the vnet/subnet that the VM I'm trying to reach is on.
Please don't get confused by the name of the vnet. There is NO bastion attached to that network anymore. The VM that I'm trying to RDP to is part of the subnet that this table is associated to.