Cannot connect to computers on client VPN

ShenSimps
Here to help

Cannot connect to computers on client VPN

Hi, we have recently replaced our office firewall with a Merki MX.  I wrote a powershell scirpt to create a client VPN connection to the Meraki, and this is working for the most part, however there are two issues I am having some trouble with.  

First we cannot ping or connect to computers on the client VPN.  VPN clients can connect to our local network but not to other computers on the VPN and office computers also cannot connect to computers on the VPN.  I have tried disabling the Windows firewall, and gone through the Meraki VPN setting but so far I am stumped.

I have also not been able to get computers on the VPN to registery there IP addresses with the DNS server.  I found a blog post discussing this, and the recommendation was to edit the "rasphone.pbk" files setting the IPDNSFlags parameter to 3

 

$RASPhoneBook = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $RASPhoneBook) -Replace 'IpDnsFlags=0', 'IpDnsFlags=3' | Set-Content $RASPhoneBook

 

This did set the TCP/IPv4 DNS settings for the connection to register the IP with DNS, but so far it is not working.

Thanks in advance for any help you can offer!

6 Replies 6
Doug100
Here to help

Hi, have you a route back from your internal network to the vpn client is range?

BlakeRichardson
Kind of a big deal
Kind of a big deal

Are the remote computers running their own internal firewalls that could be blocking traffic?

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
JamesFlorance
Here to help

What method of user authentication are you using for the vpn?

If using Meraki for the VPN and windows for everything else you need to set.

 

(Get-Content -path $PbkPath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -pat $PbkPath

SopheakMang
Building a reputation

Is there any policy in place ?
check Routing that might conflict between VPN client subnet also Internal Subnet.

if still not work , open case to make sure config on MX is correct , then you can only focus to troubleshoot on VPN client
ShenSimps
Here to help

Hey Guys thanks for the replies.  The Meraki is acting as the gateway router for the internal computers, so it doesn't seem like it could be a routing problem.  Also VPN computers can connect to the internal network.

 

VPN clients are authenticating against radius with their Windows credentials,  and an authentication problem wouldn't seem to explain not being able to ping other computers.

 

I don't have any policies applied to the VPN network, and I have tried disabling the windows firewall....

 

I guess I'll open a ticket on this... I'll reply back when I get a solution.

 

Thanks,

ShenSimps
Here to help

Looks like the problem here was with Symantec. Our symantec antivirus includes its own firewall settings and was blocking the IP subnet on the meraki VPN.  Adding a rule to allow this subnet fixed the problem.  Thanks for all of the replies and help!

Get notified when there are additional replies to this discussion.