Meraki

Community

Client VPN con cliente IPsec no funciona

Solved
EdgeFarming
Here to help
‎Feb 20 2025 4:51 AM
‎Feb 20 2025 4:51 AM

Client VPN con cliente IPsec no funciona

Hola, 

 

Estoy intentando hacer una VPN en Windows 11 con Client VPN IPSec/L2TP a un MX64 pero no funciona, nunca se conecta y no veo nada en el log, también lo intenté con un MX67 y otro proveedor de internet por si el primer bloqueaba la conexión pero nunca se conecta.

 

Si alguien me puede decir que hacer lo agradecería.

 

Saludos

0 Kudos
1 Accepted Solution
In response to EdgeFarming
alemabrahao
Kind of a big deal
‎Feb 21 2025 7:20 AM
‎Feb 21 2025 7:20 AM

Take a look at this:

 

 

https://www.youtube.com/watch?v=rrERKMKTrww

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

0 Kudos
10 Replies 10
alemabrahao
Kind of a big deal
‎Feb 20 2025 5:41 AM
‎Feb 20 2025 5:41 AM

Do you have a dedicated link (public IP configured directly on the MX's WAN interface) or is it a residential link (which uses NAT)?

 

Take a look at the documentation.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
EdgeFarming
Here to help
‎Feb 20 2025 5:57 AM
‎Feb 20 2025 5:57 AM

Hi! It's a residential link, we use it mainly for sd-wan but want to be able to connect to the network with a client vpn. is it a possible configuration?

 

Thanks

0 Kudos
In response to EdgeFarming
alemabrahao
Kind of a big deal
‎Feb 20 2025 6:01 AM
‎Feb 20 2025 6:01 AM

It is only possible if you can configure a NAT on your ISP's router pointing to the private IP configured on the MX's WAN interface, otherwise not.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
EdgeFarming
Here to help
‎Feb 21 2025 12:59 AM
‎Feb 21 2025 12:59 AM

Hi, I have access to my internet router, but I'm not sure wich ports to map for:

1. Client VPN (IPsec/L2tP)

2. AnyConnect

 

I have attached an image of what I have done, but it does not work.ports.png

0 Kudos
chakshu
Meraki Employee
Meraki Employee
‎Feb 20 2025 6:53 AM
‎Feb 20 2025 6:53 AM

It is highly likely that the MX is not getting the client VPN request at all, you might need to NAT or port forward on the upstream ISP router and open the port you have set for anyconnect on your MX. Your ISP should be able to help you with this, or you can login to the upstream router with admin credentials and make changes by yourself.

 

If you would like to troubleshoot this further you can collect pcap on internet interface on MX and verify if you are getting client VPN traffic for anyconnect port in your pcaps.

Do rate helpful posts by leaving your kudos/mark it as solved.
0 Kudos
In response to chakshu
EdgeFarming
Here to help
‎Feb 21 2025 12:59 AM
‎Feb 21 2025 12:59 AM

Hi, I have access to my internet router, but I'm not sure wich ports to map for:

1. Client VPN (IPsec/L2tP)

2. AnyConnect

 

I have attached an image of what I have done, but it does not work.ports.png

0 Kudos
In response to EdgeFarming
chakshu
Meraki Employee
Meraki Employee
‎Feb 21 2025 6:54 AM
‎Feb 21 2025 6:54 AM

You should be able to check the port by from anyconnect page. In my case its 987. So opening tcp 987 was enough for it to work in my case.image.png

 

If its still not working you should take a pcap and check if the traffic is hitting MX or not, it is possible that you will need to call your ISP to get the port opened from them.

Do rate helpful posts by leaving your kudos/mark it as solved.
0 Kudos
In response to chakshu
EdgeFarming
Here to help
‎Feb 21 2025 7:10 AM
‎Feb 21 2025 7:10 AM

Hi chakshu, 

 

it works now for Anyconnect, thanks! but it does not work yet for client vpn, now it shows error 809. 

 

Captura de pantalla 2025-02-21 160613.pngCaptura de pantalla 2025-02-21 160959.png

 

 

 

0 Kudos
In response to EdgeFarming
alemabrahao
Kind of a big deal
‎Feb 21 2025 7:20 AM
‎Feb 21 2025 7:20 AM

Take a look at this:

 

 

https://www.youtube.com/watch?v=rrERKMKTrww

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
EdgeFarming
Here to help
‎Feb 21 2025 7:41 AM
‎Feb 21 2025 7:41 AM

Super! Now it's working, thanks!

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.