CLIENT VPN not working.

Solved
Marcel_Smal
Here to help

CLIENT VPN not working.

Good day Community,

 

I need help with something. 

 

Here is my design:

 

Marcel_Smal_0-1702052585694.png

 

Now I am trying to get a vpn connection from the internet to the Client VPN however I am not seeing any of this traffic. I setup port forwarding but still cant see anything.

 

Can someone please help me out!

1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal

The only thing I can suggest is that you do the troubleshooting.

 

Check the error code on the client system.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal

Are you using the L2TP connection or Anyconnect?
 
Is your MX's WAN configured with a public IP or is it behind a NAT (Private IP)?
 
If it is an L2TP connection and the WAN is configured with a private IP (NAT) or even CGNAT, the Client VPN will not work.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

Upstream NAT/Firewall Issue on the MX
If your MX is behind a NAT device (for example, an upstream router or ISP modem), the MX uplink IP might have a private IP in the 172.16.X.X or 192.168.X.X or 10.X.X.X subnet range. Ensure UDP traffic on ports 500 and 4500 is being forwarded to the private uplink IP address of the MX.

 

Unable to Connect to Client VPN from All Devices - Cisco Meraki

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Marcel_Smal
Here to help

Hi Alemabrahao,

 

Yes the 2MX CLUSTERS is behind a upstream router.

 

Now I have configured the following on the cisco router before posting on here for support:

ip nat inside source static udp X.X.99.66 (PRIVATE IP OF MX) 500 (PUBLIC IP) extendable

ip nat inside source static udp X.X.99.66 (PRIVATE IP OF MX) 4500 (PUBLIC IP) 4500 extendable
ip nat inside source static tcp X.X.99.66 (PRIVATE IP OF MX) 1701 (PUBLIC IP) 1701 extendable

But still it seems not to work?

alemabrahao
Kind of a big deal
Kind of a big deal

The only thing I can suggest is that you do the troubleshooting.

 

Check the error code on the client system.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ww
Kind of a big deal
Kind of a big deal

Do you test from the internet side. Or from a client on the lan side of that mx

Marcel_Smal
Here to help

Hi there ww,

 

I am at home and trying to make a vpn connection from my laptop to the the Client VPN that I configured on the MX cluster.

 

 

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

Are there any ACLs on the routers which might not be allowing the traffic?

Marcel_Smal
Here to help

This was a issue with my windows laptop and not with the VPN. I had to add a registry entry to my laptop for this to work! I am glad that is now working.

 

https://www.systweak.com/blogs/fix-vpn-809-error-on-windows/

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels