Client VPN and Anyconnect no longer working??

Marcel_Smal
Here to help
Hey everyone,

Last week, I encountered a problem where suddenly my Client VPN and AnyConnect VPN stopped working across several organizations. It was confusing because everything was fine the week before.

The issue occurred in different setups like these:

ISP RT -> MSP Router -> MX : With port forwarding

ISP RT -> MX : Without port forwarding.

After some digging, I opened a case and, with Chris's help from Meraki Support this week, we discovered during a call that the MX inbound firewall was blocking the connections. This explained why the client kept retrying without receiving a response.

It turns out this is a common problem when you enable no NAT (manual inbound firewall rules) through the early access page, disrupting the automatic 1:1 NAT / port forwarding that usually supports Client and AnyConnect VPN services.

Disabling this early access feature fixed the problem. So, if you're using the no NAT early access, remember to allow inbound connections on UDP ports 500 and 4500 for client VPN, and TCP and UDP 443 for AnyConnect.

This solution worked for me, and I hope it can help others facing similar issues. It would be great to put a notice on this stating that if Client VPN is active, please make sure those rules are implemented after opting in.
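To check a rule set against the ports named above before opting in, here is an added example (not Meraki's code). It walks an MX inbound firewall rule list in order, first match wins, and reports which VPN service would be blocked; the rule dictionary keys (policy, protocol, destPort, comment) and the default policy are assumptions, and the sample rules are constructed.

```python
"""Check whether an MX inbound firewall rule set still admits the ports
Client VPN (IPsec) and AnyConnect need once "no NAT" mode is enabled.
Added example, not Meraki code; the rule dict keys mirror the Dashboard
firewall-rule shape (policy/protocol/destPort/comment) as an assumption."""

# Ports named in the post: UDP 500/4500 for Client VPN, TCP+UDP 443 for AnyConnect.
REQUIRED = {
    "Client VPN (IKE)": ("udp", 500),
    "Client VPN (NAT-T)": ("udp", 4500),
    "AnyConnect (TLS)": ("tcp", 443),
    "AnyConnect (DTLS)": ("udp", 443),
}

def port_matches(spec, port):
    """destPort may be 'Any', '443', '500,4500' or a range like '1000-2000'."""
    spec = spec.strip().lower()
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if hi:
            if int(lo) <= port <= int(hi):
                return True
        elif int(lo) == port:
            return True
    return False

def decide(rules, proto, port, default="deny"):
    """First matching rule wins; fall back to the assumed default policy."""
    for r in rules:
        rp = r.get("protocol", "any").lower()
        if rp in ("any", proto) and port_matches(r.get("destPort", "Any"), port):
            return r["policy"].lower()
    return default

def missing_vpn_rules(rules, default="deny"):
    """Return the VPN services that the rule set would block, sorted by name."""
    return sorted(name for name, (proto, port) in REQUIRED.items()
                  if decide(rules, proto, port, default) != "allow")

# Constructed sample: only the IPsec ports were opened; AnyConnect was forgotten.
SAMPLE_RULES = [
    {"comment": "client vpn", "policy": "allow", "protocol": "udp",
     "srcCidr": "Any", "srcPort": "Any", "destCidr": "Any", "destPort": "500,4500"},
    {"comment": "block 443", "policy": "deny", "protocol": "tcp",
     "srcCidr": "Any", "srcPort": "Any", "destCidr": "Any", "destPort": "443"},
]

if __name__ == "__main__":
    for svc in missing_vpn_rules(SAMPLE_RULES):
        print("blocked:", svc)
```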

2 Replies
Mloraditch
A model citizen

I had the same issue a few months ago and also asked support to add notes to the documentation. Guess that hasn't happened.🙃

GreenMan
Meraki Employee

This is a screenshot from part of the document linked in the section where you opt in for this early access feature. That section does say to "Please see the documentation for more information."
