Client VPN Issue

nmemmert
Here to help

Client VPN Issue

I have user that is configured to connect on client VPN...I have verified that all his setting are correct but he is still not able to connect. We are using MS NPS for authentication but there NPS server does not show him in the logs all I see are the following from the Meraki logs... anyone have any thoughts?

 

May 7 09:06:59

 

Non-Meraki / Client VPN negotiation

msg: failed to begin ipsec sa negotiation.

May 7 09:06:59

 

Non-Meraki / Client VPN negotiation

msg: no configuration found for 184.170.72.175.

May 7 09:06:59

 

Non-Meraki / Client VPN negotiation

msg: ISAKMP-SA deleted 216.98.75.115[4500]-184.170.72.175[4500] spi:495cbc08da3d1d16:d793b6511aa6171c

May 7 09:06:59

 

Non-Meraki / Client VPN negotiation

msg: ISAKMP-SA expired 216.98.75.115[4500]-184.170.72.175[4500] spi:495cbc08da3d1d16:d793b6511aa6171c

May 7 09:06:59

 

Non-Meraki / Client VPN negotiation

msg: purged IPsec-SA proto_id=ESP spi=150744868.

May 7 09:06:57

 

Non-Meraki / Client VPN negotiation

msg: IPsec-SA established: ESP/Transport 216.98.75.115[4500]->184.170.72.175[4500] spi=150744868(0x8fc2f24)

May 7 09:06:57

 

Non-Meraki / Client VPN negotiation

msg: IPsec-SA established: ESP/Transport 216.98.75.115[4500]->184.170.72.175[4500] spi=54281960(0x33c46e8)

May 7 09:06:56

 

Non-Meraki / Client VPN negotiation

msg: ISAKMP-SA established 216.98.75.115[4500]-184.170.72.175[4500] spi:495cbc08da3d1d16:d793b6511aa6171c

May 7 09:04:25

 

Non-Meraki / Client VPN negotiation

msg: IPsec-SA expired: ESP/Transport 216.98.75.115[500]->184.170.72.175[500]

3 REPLIES 3
Inderdeep
Kind of a big deal

@nmemmert : Hope you followed this 

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
PhilipDAth
Kind of a big deal

Make the problem simpler to see where the issue is.

 

If you change to using Meraki Authentication - can you make it work?

 

If this is a Windows client, you can try creating a script using my tool to help eliminate user errors with configuration.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

This is for a Mac client. I have the VPN working for Windows, Mac and Linux but for some reason it is just this one client this is not working.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels