11-15-2014 05:01 PM
I tested the RAPNG demo with distributed L3.
Controller - internet - firewall(only PAT) - IAP - 10.254.0.0/25(distributed, L3)
I checked the IAP table at the Controller, and it is OK.
I checked dhcp-allocation at the IAP, and it is OK.
Ping from the IAP to a local device is not OK.
*e.g. IAP(10.254.0.1/25) -> device(10.254.0.10) | not OK.
But device(10.254.0.10) -> IAP(10.254.0.1/25) | OK
Why doesn't local ping from the IAP to the device work?
03-24-2015 02:57 PM
Any comments on this?
We are seeing similar issues with Distributed L3 scopes: the clients on the Distributed L3 subnet can't reach each other. We can reach all of them from the inside and over the VPN tunnel, and the clients on the L3 can reach corporate resources over the VPN tunnel and have internet access without any issues; they just can't reach each other on the same subnet.
But if we force the L3 subnet to be routed locally in the VPN routing policy with a route of X.X.X.X/XX -> 0.0.0.0/0, the clients can reach each other. Is this really by design and how it is supposed to work?
Any thoughts and comments are welcome.
03-26-2015 11:56 PM
Yes, we need to add a policy in the VPN route to allow all the subnets which you want to allow through the tunnel, otherwise traffic will not be allowed through the tunnel.
This can be fixed by adding a route in the VPN tunnel routing table.
03-27-2015 01:01 AM
I guess maybe I was unclear or something. The problem isn't that the traffic is not going through the tunnel; the problem is that they can't reach each other on the distributed L3 subnet locally, out on the AP, between wired and wireless on the same distributed subnet, without forcing the AP to route it locally by adding the subnet to the VPN routing table with destination 0.0.0.0/0, which does this. Without that, clients can't reach each other between wired and wireless on the same distributed L3.