Client VPN Configuration help required

KrishnaGummadap
Comes here often

Client VPN Configuration help required

Hi All,

 

I am trying to configure Client VPN on my MX 64. Below is what I tried so far.

 

VPN.JPG

Also configured couple outbound rules (may be wrong).

 

Outbound.JPG

 

When I try to connect the L2TP VPN from my iPhone it says "L2TP-VPN server did not respond".

192.168.128.0/24 - LAN

192.168.120.0/29 - VPN

 

Any help please.

 

Thank you,

 

10 REPLIES 10
nscheffer
Getting noticed

Hi,

 

On my side :

- I didn't add any outbound rules, the default one is ok for testing and on a daily basis for me

- my MX is behind a router with NAT so i add to Port translation on the router for UDP 500 and 4500 pointing to the MX

- my Client VPN config is pushed using the Meraki MDM, easy and simple

 

That's it !

Hope that will help you.

 

Nicolas

 

Hi,

Sorry for taking time on this. was sick for a while.

 

I did check my setup. I do have an upstream device(s) before my MX.

Meraki Setup.JPG

This is how it was setup. Don't ask me Why, because I don't remember it.

May be because I don't want to touch the ISP's router. So I used the TPLink to do the Natt or In Bridge.

 

I am working on to change the structure but it is going to take a while. Probably few months. 

So for now, How do I do the Forwarding for VPN with the current setup.

Thank you,

Krishna

 

That really sounds needlessly complex to me. If your ISP is providing a router as well, you'd have to port forward 500/4500 from the ISP router to your TP-Link, then from your TP-Link to your MX.

 

If the ISP device is a router, I normally put the ISP device into bridge mode. If I can't do it myself, I call the ISP and request their help. Once you get a live person, it usually only takes a few min if you haven't changed the creds on the ISP device.

Ok. I will contact my ISP for changing their router config to bridge mode.

 

 

route_map
Building a reputation

I had the same issue before, check if there is no upstream device doing natting?

For me it was our dlink router doing the natting, so i had to make a change on the DLink router and it worked

nealgs
Building a reputation

Have you tried this?

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

 

has a section for IOS devices.

 

We use client VPN on our MX84, but only through Win 10 devices - haven't configured any outbound rules or anything and works fine.

 

I've just tested mine on an Iphone 7plus - had to disconnect wifi (connected to internal Merak based SSID on corp network) and worked fine - did get same L2TP did not respond message until i turned of wifi.

 

kordm
Getting noticed

Yeah, it takes some configuration to get the clients to connect.

 

I have my MX84 tied to a RADIUS server for client auth. It works great once the clients are configured correctly.

 

I haven't tried connecting iOS or Android devices, but for Win 10 devices you need to go into the settings for the VPN adapter and set a few options in the Security tab.

- L2TP/IPSec w/ pre-shared key

- Require encryption, disconnect if declined
- Allow these protocols:

--Unencryped password

-- CHAP v2

nealgs
Building a reputation

Forgot to add that our authentication is via Active Directory.

Nash
Kind of a big deal

What OS is the endpoint that you're connecting from? If it's Win10, you can and should be setting it up using PowerShell. I've got some scripts you can use or base your own script off of.

kordm
Getting noticed

Are you trying to test the connection from outside the network or inside the LAN?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels