Meraki Community

Hi @etw , I applaud you on the troubleshooting you’ve done so far and appreciate that you’re probably under pressure to get this up and running but all I can advise here is to focus on a particular site first.

What clients and OS will your users be connecting to site A?  What VPN client will they be using?  Hone in on those use cases and troubleshoot just using those otherwise you’re going to end up down a rabbit warren.

Are you check it the same with your ISP Team , is that not blocking.

Or raised a complaint with ISP Team?

If you are using the Windows client VPN - make sure the local subnet in use does not overlap with the remote subnet you are trying to access - otherwise it won't work.

Also consider buying some Cisco Secure Client AnyConnect licences.  AnyConnect is WAY more robust and works in a lot more cases.  It also supports SAML you can can authenticate using things like Entra ID and use the MFA that it provides.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance

 Perhaps one should use another router or contact the company and ask whether they configure port 4500 to be closed. Other benefits that came to the mind included the fact that working on one site at a time could minimize on complications.

I have had issues before when trying to connect to VPN when multiple people were trying to connect from the same network. I.e. the first connection would work fine, but then when someone else tried to connect from the same WiFi network, that connection would fail. These were Mac's, but it happened on iOS as well. I think Meraki does some magic that doesn't work well when multiple connections are coming from the same location. They probably don't expect that to be normal behavior or something. The only solution I found was to move over to Cisco Secure Client AnyConnect app.

Thanks for all of yours advise. I did lot of testing ad found my ISP blocked UDP 4500 port for some special reason. It is not related with MX settings.