Client VPN Configuration help required

Comes here often

Client VPN Configuration help required

Hi All,


I am trying to configure Client VPN on my MX 64. Below is what I tried so far.



Also configured couple outbound rules (may be wrong).




When I try to connect the L2TP VPN from my iPhone it says "L2TP-VPN server did not respond". - LAN - VPN


Any help please.


Thank you,


10 Replies 10
Getting noticed



On my side :

- I didn't add any outbound rules, the default one is ok for testing and on a daily basis for me

- my MX is behind a router with NAT so i add to Port translation on the router for UDP 500 and 4500 pointing to the MX

- my Client VPN config is pushed using the Meraki MDM, easy and simple


That's it !

Hope that will help you.





Sorry for taking time on this. was sick for a while.


I did check my setup. I do have an upstream device(s) before my MX.

Meraki Setup.JPG

This is how it was setup. Don't ask me Why, because I don't remember it.

May be because I don't want to touch the ISP's router. So I used the TPLink to do the Natt or In Bridge.


I am working on to change the structure but it is going to take a while. Probably few months. 

So for now, How do I do the Forwarding for VPN with the current setup.

Thank you,



That really sounds needlessly complex to me. If your ISP is providing a router as well, you'd have to port forward 500/4500 from the ISP router to your TP-Link, then from your TP-Link to your MX.


If the ISP device is a router, I normally put the ISP device into bridge mode. If I can't do it myself, I call the ISP and request their help. Once you get a live person, it usually only takes a few min if you haven't changed the creds on the ISP device.

Ok. I will contact my ISP for changing their router config to bridge mode.



Building a reputation

I had the same issue before, check if there is no upstream device doing natting?

For me it was our dlink router doing the natting, so i had to make a change on the DLink router and it worked

Building a reputation

Have you tried this?


has a section for IOS devices.


We use client VPN on our MX84, but only through Win 10 devices - haven't configured any outbound rules or anything and works fine.


I've just tested mine on an Iphone 7plus - had to disconnect wifi (connected to internal Merak based SSID on corp network) and worked fine - did get same L2TP did not respond message until i turned of wifi.


Getting noticed

Yeah, it takes some configuration to get the clients to connect.


I have my MX84 tied to a RADIUS server for client auth. It works great once the clients are configured correctly.


I haven't tried connecting iOS or Android devices, but for Win 10 devices you need to go into the settings for the VPN adapter and set a few options in the Security tab.

- L2TP/IPSec w/ pre-shared key

- Require encryption, disconnect if declined
- Allow these protocols:

--Unencryped password

-- CHAP v2

Building a reputation

Forgot to add that our authentication is via Active Directory.

Kind of a big deal

What OS is the endpoint that you're connecting from? If it's Win10, you can and should be setting it up using PowerShell. I've got some scripts you can use or base your own script off of.

Getting noticed

Are you trying to test the connection from outside the network or inside the LAN?

Get notified when there are additional replies to this discussion.