I am trying to configure Client VPN on my MX 64. Below is what I tried so far.
Also configured a couple of outbound rules (may be wrong).
When I try to connect the L2TP VPN from my iPhone it says "L2TP-VPN server did not respond".
192.168.128.0/24 - LAN
192.168.120.0/29 - VPN
Any help please.
On my side:
- I didn't add any outbound rules, the default one is OK for testing and on a daily basis for me
- my MX is behind a router with NAT, so I added port translation on the router for UDP 500 and 4500 pointing to the MX
- my Client VPN config is pushed using the Meraki MDM, easy and simple
That's it!
Hope that will help you.
I had the same issue before. Check that there is no upstream device doing NAT.
For me it was our D-Link router doing the NAT, so I had to make a change on the D-Link router and it worked.
Have you tried this?
has a section for iOS devices.
We use client VPN on our MX84, but only through Win 10 devices - haven't configured any outbound rules or anything and it works fine.
I've just tested mine on an iPhone 7 Plus - had to disconnect Wi-Fi (connected to internal Meraki-based SSID on corp network) and it worked fine - did get the same "L2TP did not respond" message until I turned off Wi-Fi.
What OS is the endpoint that you're connecting from? If it's Win10, you can and should be setting it up using PowerShell. I've got some scripts you can use or base your own script off of.
Yeah, it takes some configuration to get the clients to connect.
I have my MX84 tied to a RADIUS server for client auth. It works great once the clients are configured correctly.
I haven't tried connecting iOS or Android devices, but for Win 10 devices you need to go into the settings for the VPN adapter and set a few options in the Security tab.
- L2TP/IPSec w/ pre-shared key
- Require encryption, disconnect if declined
- Allow these protocols:
  - CHAP v2
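
The Security tab settings listed above can also be applied from PowerShell, which an earlier reply recommends for Win 10. This is an added example, not a script from anyone in the thread; the connection name, the server address and the mapping of "CHAP v2" to Windows' MS-CHAP v2 option are assumptions.

```powershell
# Added example: create a Win 10 L2TP/IPsec client VPN profile with the
# settings listed in the post above, then read the profile back to confirm.
# Run in the user's own PowerShell session (per-user connection).

$Name          = 'Meraki Client VPN'     # hypothetical connection name
$ServerAddress = 'vpn.example.com'       # PLACEHOLDER: public hostname or IP of the MX
$Psk           = Read-Host 'Pre-shared key (Client VPN secret)'   # prompt, do not hard-code

# Recreate the profile so repeated runs always end in the same state.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

Add-VpnConnection `
    -Name $Name `
    -ServerAddress $ServerAddress `
    -TunnelType L2tp `
    -L2tpPsk $Psk `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -Force                               # suppresses the pre-shared key warning prompt

# Read the profile back and flag anything that differs from the intended settings.
$vpn = Get-VpnConnection -Name $Name
$expected = @{
    TunnelType      = 'L2tp'             # L2TP/IPsec
    L2tpIPsecAuth   = 'Psk'              # pre-shared key, not certificate
    EncryptionLevel = 'Required'         # "Require encryption, disconnect if declined"
}
foreach ($key in $expected.Keys) {
    if ("$($vpn.$key)" -ne $expected[$key]) {
        Write-Warning "$key is '$($vpn.$key)', expected '$($expected[$key])'"
    }
}
if ($vpn.AuthenticationMethod -notcontains 'MSChapv2') {
    Write-Warning 'MS-CHAP v2 is not enabled on this connection'
}
$vpn | Format-List Name, ServerAddress, TunnelType, L2tpIPsecAuth,
                   AuthenticationMethod, EncryptionLevel
```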
Sorry for taking time on this. Was sick for a while.
I did check my setup. I do have an upstream device(s) before my MX.
This is how it was set up. Don't ask me why, because I don't remember it.
Maybe because I don't want to touch the ISP's router. So I used the TP-Link to do the NAT or in bridge.
I am working on changing the structure but it is going to take a while. Probably a few months.
So for now, how do I do the forwarding for VPN with the current setup?
That really sounds needlessly complex to me. If your ISP is providing a router as well, you'd have to port forward 500/4500 from the ISP router to your TP-Link, then from your TP-Link to your MX.
If the ISP device is a router, I normally put the ISP device into bridge mode. If I can't do it myself, I call the ISP and request their help. Once you get a live person, it usually only takes a few min if you haven't changed the creds on the ISP device.