A new client has a Cisco Meraki MX84 installed by a previous IT person. Now they want to implement VPN. I know how to do it (at least I think I do), but for some reason I can't figure out why every time I go to save the config I get an error message that says -
There were errors in saving this configuration:
Currently when I go into Security & SD-WAN then Client VPN it's disabled.
I enabled Client VPN server
Accept the default/Example Subnet 192.168.3.0/24 which is unique and different than the current network
For the DNS server I selected Specify nameservers and for Custom nameserver entered the domain server 192.168.1.x
No WINS servers selected
Entered Shared secret
Authentication, selected Meraki Cloud Authentication
Finally clicked Save at the bottom, then get the above error message mentioned at the top.
I looked everywhere and there is no port forwarding selected. Am I missing something? BTW, I have worked with Cisco ASA before, but this is my first time with cloud-based. It looks simple enough (maybe too simple compared to CLI in Cisco ASA). I hope someone can help. Thanks in advance.
Most likely, there is some NAT forward you can't see. Take a look under:
Security & SD-WAN/Firewall/Forwarding rules
I looked there and that's what has me confused -
In the Forwarding rules
Port forwarding = There are no port forwarding rules on this network.
1:1 NAT = There are no 1:1 NAT mappings.
1:Many NAT = has Public IP address = x.x.x.x
Uplink = Internet1
under this there are 8 rules
Thanks.
>under this there are 8 rules
I'm guessing one of those is for udp/500 or udp/4500, which is needed for client VPN.
There is only one UDP port, it's 5800; the rest are TCP for RDP and one is port 23, and 1603.
You would think Meraki would give a better error message that would point to where the problem is.
Thanks
Here is another thing I just discovered that is strange, and maybe there is a glitch somewhere not related to trying to enable Client VPN. When I click on disable after getting the error message and then click save, I get the same error message even though I am clicking disable Client VPN.
I don't understand why Cisco thinks I am trying to forward the primary IP address of Internet port 1.
Did you check this document and troubleshoot with all steps?
https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting
I just checked it. This seems to be more for if you already have Client VPN set up. I can't get past enabling and saving the configuration; when I do, I get the error mentioned before. Also, when I am on any other page under Security & SD-WAN and click save I get the same error, which makes me wonder if it's not Client VPN related and something else is going on.
I don't understand why it thinks I want the Internet 1 forwarded.