
This isn't really a problem, I more than anything am trying to understand. The network I inherited and work on with another tech who built it is primarily Meraki. There are about 35 sites that interconnect with Meraki's site-to-site VPNs set up with all the endpoints running as Hub (Mesh).

The client VPNs use the native Windows client. They connect to one of the sites that actually isn't the primary location, which I suppose doesn't matter.

Recently I was looking into a different issue and ran a tracert from my off-prem client machine connected to the VPN. I somewhat understand that this wouldn't provide a lot of info because it should only show the hops in between the site I'm connected to and the destination IP/device.

That said, it is showing a hop of 192.168.100.1.

What is weird is that it is a subnet not in use anywhere in the organization. It's not in any ARP or route tables on ANY of the sites' networks. The 'modem' of the site the client VPN connects to is one of those AT&T modems that is the modem/router/wifi AP all-in-one jobs, but IP-Passthrough is configured.

Though I got here troubleshooting a lot of dropped packets and interruption of the site-to-site VPN in the Meraki log. It turns out it was the secondary internet, which is a cellular Cradlepoint. The other tech shut that interface down and the issues cleared up, but I still see that 'unknown' hop. The other tech said that was the endpoint at our corp location where the machine I was tracerting to is located, and said that hop with the unknown subnet was that endpoint, but that endpoint is on 192.168.15.0, which to me doesn't make any sense.

So I'm really just trying to figure out why that unknown subnet is a hop, for my own edification.

Thank you for reading. I appreciate any help understanding this better.

  • I would suggest checking your network again. Probably something you missed. Do a complete discovery. If you want to do more targeted discovery, check each hop on your traceroute and find what they point to for the next hop. – Abu Zaid Jul 17 '22 at 19:15
  • Thanks, I will. I sent my detailed findings to the other tech who built the network and he can't explain it either. But from your response, I get the sense that this doesn't make sense and I should see that subnet somewhere. I thought maybe Meraki does some weird stuff you don't see with client VPNs. The client VPN does connect to one of the spokes, not the primary location. When doing a tracert on-prem on that spoke network, the unexplained subnet isn't present in the tracert. Either way, thanks for responding. – russtoleum Jul 18 '22 at 20:22
  • The other tech found it, something I don't have access to, it makes sense now. Apologies for muddying the waters. – russtoleum Jul 18 '22 at 23:28
  • No worries. Remember, it is not possible for standard network devices to insert hops when traffic passes through them. – Abu Zaid Jul 21 '22 at 12:35
