Cannot connect to computers on client VPN

ShenSimps
Here to help

Hi, we have recently replaced our office firewall with a Meraki MX. I wrote a PowerShell script to create a client VPN connection to the Meraki, and this is working for the most part; however, there are two issues I am having some trouble with.

First, we cannot ping or connect to computers on the client VPN. VPN clients can connect to our local network but not to other computers on the VPN, and office computers also cannot connect to computers on the VPN. I have tried disabling the Windows firewall and gone through the Meraki VPN settings, but so far I am stumped.

I have also not been able to get computers on the VPN to register their IP addresses with the DNS server. I found a blog post discussing this, and the recommendation was to edit the "rasphone.pbk" file, setting the IPDNSFlags parameter to 3.

 

$RASPhoneBook = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
(Get-Content $RASPhoneBook) -Replace 'IpDnsFlags=0', 'IpDnsFlags=3' | Set-Content $RASPhoneBook

 

This did set the TCP/IPv4 DNS settings for the connection to register the IP with DNS, but so far it is not working.

Thanks in advance for any help you can offer!

6 REPLIES 6
Doug100
Here to help

Hi, have you a route back from your internal network to the VPN client's range?

Are the remote computers running their own internal firewalls that could be blocking traffic?

JamesFlorance
Here to help

What method of user authentication are you using for the VPN?

If using Meraki for the VPN and Windows for everything else, you need to set:

 

(Get-Content -Path $PbkPath -Raw) -Replace 'UseRasCredentials=1','UseRasCredentials=0' | Set-Content -Path $PbkPath
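
Added example (not code from any poster in this thread): the IpDnsFlags replace in the question and the UseRasCredentials replace in the reply above both rewrite every connection in the phone book. This sketch changes only one named entry and keeps a backup, assuming the INI-style layout of rasphone.pbk in which each connection starts with a `[EntryName]` line. The function name, the entry names and the sample file are constructed for illustration.

```powershell
# Added example, not from the thread: change keys in ONE phone book entry only.
function Set-PbkEntryValue {
    param(
        [Parameter(Mandatory)] [string]    $Path,       # phone book file to edit
        [Parameter(Mandatory)] [string]    $EntryName,  # connection name as it appears in [ ]
        [Parameter(Mandatory)] [hashtable] $Settings    # key name -> new value
    )
    $inEntry = $false
    $changed = 0
    $lines = foreach ($line in (Get-Content -LiteralPath $Path)) {
        if ($line -match '^\[(.+)\]\s*$') {
            # Section header: are we entering the target entry or leaving it?
            $inEntry = ($Matches[1] -eq $EntryName)
        }
        elseif ($inEntry -and ($line -match '^([^=]+)=(.*)$') -and $Settings.ContainsKey($Matches[1])) {
            $new = '{0}={1}' -f $Matches[1], $Settings[$Matches[1]]
            if ($new -cne $line) { $changed++ }
            $line = $new
        }
        $line   # emit the (possibly rewritten) line
    }
    if ($changed -gt 0) {
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force  # keep a rollback copy
        Set-Content -LiteralPath $Path -Value $lines
    }
    $changed   # number of lines actually modified
}

# Constructed sample phone book with two entries (names are made up).
$sample = Join-Path ([IO.Path]::GetTempPath()) 'sample-rasphone.pbk'
@'
[Office VPN]
IpDnsFlags=0
UseRasCredentials=1

[Other VPN]
IpDnsFlags=0
UseRasCredentials=1
'@ | Set-Content -LiteralPath $sample

$n = Set-PbkEntryValue -Path $sample -EntryName 'Office VPN' -Settings @{ IpDnsFlags = '3'; UseRasCredentials = '0' }
"Modified $n line(s); [Other VPN] is left untouched:"
Get-Content -LiteralPath $sample
```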

SopheakMang
Building a reputation

Is there any policy in place?
Check for routing that might conflict between the VPN client subnet and the internal subnet.

If it still does not work, open a case to make sure the config on the MX is correct; then you can focus only on troubleshooting the VPN client.
ShenSimps
Here to help

Hey guys, thanks for the replies. The Meraki is acting as the gateway router for the internal computers, so it doesn't seem like it could be a routing problem. Also, VPN computers can connect to the internal network.

 

VPN clients are authenticating against RADIUS with their Windows credentials, and an authentication problem wouldn't seem to explain not being able to ping other computers.

 

I don't have any policies applied to the VPN network, and I have tried disabling the Windows firewall....

 

I guess I'll open a ticket on this... I'll reply back when I get a solution.

 

Thanks,

ShenSimps
Here to help

Looks like the problem here was with Symantec. Our Symantec antivirus includes its own firewall settings and was blocking the IP subnet on the Meraki VPN. Adding a rule to allow this subnet fixed the problem. Thanks for all of the replies and help!
