Brandon Nutter
asked on
Always on VPN Routing issues
I have a Always on VPN in Server 2016 setup and am having issues with the remote clients accessing the production network through the VPN . Here is an example of my setup:
Prod network - 10.1.1.*
DMZ Network - 172.10.1.*
RAS VPN Static pool - 10.10.1.*
VPN server is on domain, has a prod network address, and DMZ address.
The VPN is currently working in the aspect that when i connect to the VPN from my Windows 10 machine(On external network), the Win 10 machine gets a 10.10.1* address. But that 10.10.1.* subnet cannot access the prod network. Do I need to setup Static routes on the VPN server to be able to get to the prod network?
Prod network - 10.1.1.*
DMZ Network - 172.10.1.*
RAS VPN Static pool - 10.10.1.*
VPN server is on domain, has a prod network address, and DMZ address.
The VPN is currently working in the aspect that when i connect to the VPN from my Windows 10 machine(On external network), the Win 10 machine gets a 10.10.1* address. But that 10.10.1.* subnet cannot access the prod network. Do I need to setup Static routes on the VPN server to be able to get to the prod network?
What is the IP range on your router when you're NOT connected to the VPN? Just want to be sure there's no conflict. But yes, it's worth asking about routing rules between the networks.
ASKER
masnrock - If you are talking about the range when external to the network, its a random Meraki DHCP scope. 10.75.*.*.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Owen, Excuse my lack of knowledge in network routing knowledge. I am fairly new to this level of networking. I wanted to keep the VPN users on a seperate subnet to try any limit what they have access to.
Where would I implement the Static routes? On the VPN server, or on our Meraki firewall?
Where would I implement the Static routes? On the VPN server, or on our Meraki firewall?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No one else answered, and this will work, but more info was needed.