Meraki

Community

Client VPN con cliente IPsec no funciona

Solved
EdgeFarming
Here to help
yesterday
yesterday

Client VPN con cliente IPsec no funciona

Hola, 

 

Estoy intentando hacer una VPN en Windows 11 con Client VPN IPSec/L2TP a un MX64 pero no funciona, nunca se conecta y no veo nada en el log, también lo intenté con un MX67 y otro proveedor de internet por si el primer bloqueaba la conexión pero nunca se conecta.

 

Si alguien me puede decir que hacer lo agradecería.

 

Saludos

0 Kudos
1 Accepted Solution
In response to EdgeFarming
alemabrahao
Kind of a big deal
5 hours ago
5 hours ago

Take a look at this:

 

 

https://www.youtube.com/watch?v=rrERKMKTrww

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
10 Replies 10
alemabrahao
Kind of a big deal
yesterday
yesterday

Do you have a dedicated link (public IP configured directly on the MX's WAN interface) or is it a residential link (which uses NAT)?

 

Take a look at the documentation.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
EdgeFarming
Here to help
yesterday
yesterday

Hi! It's a residential link, we use it mainly for sd-wan but want to be able to connect to the network with a client vpn. is it a possible configuration?

 

Thanks

0 Kudos
In response to EdgeFarming
alemabrahao
Kind of a big deal
yesterday
yesterday

It is only possible if you can configure a NAT on your ISP's router pointing to the private IP configured on the MX's WAN interface, otherwise not.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
EdgeFarming
Here to help
12 hours ago
12 hours ago

Hi, I have access to my internet router, but I'm not sure wich ports to map for:

1. Client VPN (IPsec/L2tP)

2. AnyConnect

 

I have attached an image of what I have done, but it does not work.ports.png

0 Kudos
chakshu
Meraki Employee
Meraki Employee
yesterday
yesterday

It is highly likely that the MX is not getting the client VPN request at all, you might need to NAT or port forward on the upstream ISP router and open the port you have set for anyconnect on your MX. Your ISP should be able to help you with this, or you can login to the upstream router with admin credentials and make changes by yourself.

 

If you would like to troubleshoot this further you can collect pcap on internet interface on MX and verify if you are getting client VPN traffic for anyconnect port in your pcaps.

Do rate helpful posts by leaving your kudos/mark it as solved.
0 Kudos
In response to chakshu
EdgeFarming
Here to help
12 hours ago
12 hours ago

Hi, I have access to my internet router, but I'm not sure wich ports to map for:

1. Client VPN (IPsec/L2tP)

2. AnyConnect

 

I have attached an image of what I have done, but it does not work.ports.png

0 Kudos
In response to EdgeFarming
chakshu
Meraki Employee
Meraki Employee
6 hours ago
6 hours ago

You should be able to check the port by from anyconnect page. In my case its 987. So opening tcp 987 was enough for it to work in my case.image.png

 

If its still not working you should take a pcap and check if the traffic is hitting MX or not, it is possible that you will need to call your ISP to get the port opened from them.

Do rate helpful posts by leaving your kudos/mark it as solved.
0 Kudos
In response to chakshu
EdgeFarming
Here to help
6 hours ago
6 hours ago

Hi chakshu, 

 

it works now for Anyconnect, thanks! but it does not work yet for client vpn, now it shows error 809. 

 

Captura de pantalla 2025-02-21 160613.pngCaptura de pantalla 2025-02-21 160959.png

 

 

 

0 Kudos
In response to EdgeFarming
alemabrahao
Kind of a big deal
5 hours ago
5 hours ago

Take a look at this:

 

 

https://www.youtube.com/watch?v=rrERKMKTrww

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
EdgeFarming
Here to help
5 hours ago
5 hours ago

Super! Now it's working, thanks!

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.