Messages - Kevlarski

#1
This has been resolved with the help of Meraki support.
#2
23.7 Legacy Series / Routing Issues with VPN from Meraki
February 06, 2024, 09:07:14 AM
Hi,
I'm using OPNsense as a virtual firewall for internal subnet routing.
Data (VLAN1) can communicate with Application (VLAN2)
Application can communicate with Data.
Meraki is on VLAN1. Both of these subnets are using LAN interfaces. WAN uses a different interface and VLAN (20). Data has a gateway that is currently on both Meraki (x.x.x.254) and OPNsense (x.x.x.253). OPNsense sends WAN through the WAN interface and this works via a separate Meraki interface (VLAN20).
Legacy Data clients have their gateway as the Meraki Data gateway.
Meraki has a static route to Application using the Data gateway on OPNsense (x.x.x.253).
Legacy Data clients can ping the Data gateway and the Application gateway (and all clients on those subnets).
Site-to-Site VPN could not ping the Data gateway on OPNsense (x.x.x.253).
Cisco AnyConnect clients could not ping the Data gateway on OPNsense (x.x.x.253).
Added the branch subnets that use the Site-to-Site VPN to the routes config, pointing to the Meraki gateway (x.x.x.254).
Site-to-Site VPN can now ping the Data gateway on OPNsense (x.x.x.253).
Added the AnyConnect subnet to the routes, and now those clients can ping the Data gateway on OPNsense (x.x.x.253).

I cannot work out how to get the VPN traffic to be able to access the Application subnet.  Can you help me work out what I've missed please?

Thanks
Kev
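The post above describes a two-router setup (Meraki and OPNsense both on the Data network, Application only behind OPNsense, VPN subnets terminating on Meraki) where the question is why traffic from the VPN subnets does not reach Application. A useful first check in that situation is to trace the forward and the return path through both routing tables and confirm they cross the same routers in reverse order. The script below is an added example, not the poster's configuration: it models both routing tables with longest-prefix matching, traces a packet from a constructed branch-VPN client to a constructed Application host and back, and reports whether the two paths are symmetric. All addresses (10.1.1.0/24 for Data, 10.1.2.0/24 for Application, 10.50.0.0/24 for a branch VPN subnet, 10.20.0.1 as the OPNsense WAN gateway) are assumptions standing in for the x.x.x.x values in the post.

```python
import ipaddress
from copy import deepcopy

def net(s):
    return ipaddress.ip_network(s)

def ip(s):
    return ipaddress.ip_address(s)

# Constructed topology; these prefixes are assumptions, not the poster's real addressing.
DATA_NET, APP_NET, BRANCH_NET = map(net, ["10.1.1.0/24", "10.1.2.0/24", "10.50.0.0/24"])
DEFAULT = net("0.0.0.0/0")

# Which modelled router owns which interface address (assumed: Meraki .254 and
# OPNsense .253 on Data, OPNsense .254 on Application, OPNsense .2 on the WAN VLAN).
ROUTER_ADDRS = {
    "10.1.1.254": "meraki",
    "10.1.1.253": "opnsense",
    "10.1.2.254": "opnsense",
    "10.20.0.2": "opnsense",
}

# Routing tables: prefix -> next hop, or None for a directly connected network.
ROUTES = {
    "meraki": {
        DATA_NET: None,                 # connected
        BRANCH_NET: None,               # site-to-site VPN terminates on the Meraki
        APP_NET: ip("10.1.1.253"),      # static route to Application via OPNsense (as in the post)
        DEFAULT: ip("203.0.113.1"),     # Meraki's own uplink, outside the model
    },
    "opnsense": {
        DATA_NET: None,                 # connected (LAN interface)
        APP_NET: None,                  # connected (LAN interface)
        BRANCH_NET: ip("10.1.1.254"),   # branch subnet back via the Meraki Data gateway (as in the post)
        DEFAULT: ip("10.20.0.1"),       # WAN gateway on VLAN20, outside the model
    },
}

# First-hop router for hosts on each subnet: legacy Data clients and VPN clients
# enter via the Meraki, Application hosts use OPNsense.
FIRST_HOP = {DATA_NET: "meraki", APP_NET: "opnsense", BRANCH_NET: "meraki"}

def lookup(table, dst):
    """Longest-prefix match over one routing table; None when nothing matches."""
    best = None
    for prefix, next_hop in table.items():
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best

def trace(routes, src, dst, max_hops=8):
    """Return the list of routers a packet src->dst crosses, ending in a status marker."""
    src, dst = ip(src), ip(dst)
    current = next((r for n, r in FIRST_HOP.items() if src in n), None)
    if current is None:
        return ["no-first-hop"]
    path = [current]
    for _ in range(max_hops):
        hit = lookup(routes[current], dst)
        if hit is None:
            return path + ["no-route"]
        _prefix, next_hop = hit
        if next_hop is None:            # matched a connected network: delivered here
            return path + ["delivered"]
        nxt = ROUTER_ADDRS.get(str(next_hop))
        if nxt is None:                 # next hop is not a modelled router: traffic leaves the model
            return path + [f"exit-via-{next_hop}"]
        path.append(nxt)
        current = nxt
    return path + ["loop"]

def routers_of(path):
    return [hop for hop in path if hop in ROUTES]

def symmetric(fwd, rev):
    """True when both directions are delivered and cross the same routers in reverse order."""
    return (fwd[-1] == "delivered" and rev[-1] == "delivered"
            and routers_of(fwd) == list(reversed(routers_of(rev))))

def check(routes, a, b):
    """Trace a->b and b->a; returns (forward_path, reverse_path, is_symmetric)."""
    fwd, rev = trace(routes, a, b), trace(routes, b, a)
    return fwd, rev, symmetric(fwd, rev)

def without_branch_route():
    """Same tables, but with the OPNsense route for the branch subnet removed."""
    routes = deepcopy(ROUTES)
    del routes["opnsense"][BRANCH_NET]
    return routes

if __name__ == "__main__":
    for label, routes in [("with branch route", ROUTES), ("without branch route", without_branch_route())]:
        fwd, rev, ok = check(routes, "10.50.0.10", "10.1.2.10")
        print(f"{label}: forward={fwd} reverse={rev} symmetric={ok}")
```

With the branch route present on OPNsense, both directions cross Meraki and OPNsense and the check reports a symmetric path; with that route removed, the reply from the Application host follows the OPNsense default route out of the WAN interface and the check flags the pair as asymmetric. The same model also marks the legacy Data-client path as asymmetric, since the Meraki forwards those packets to OPNsense while OPNsense answers directly on the connected Data network; whether a stateful firewall passes such a flow depends entirely on its rules, which is why the firewall logs on both devices are the next place to look once the routes themselves line up.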