Client VPN fails for one client after 1.5 hours, can't reconnect.

louyo
Here to help

Client ran connected for about an hour and a half this morning and then was disconnected. When she tried to re-connect, she got an error saying that the L2TP connection failed because the security layer encountered a processing error during initial negotiation...
I can connect from my location using my credentials but not hers. When I try to connect with her credentials, it fails. This is in the log:

May 8 07:53:00 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA deleted 69.XXX.XXX.1XX[4500]-173.XXX.XXX.X98[4500] spi:765xxxx401727bdd:b2104xxxxdd73a04
May 8 07:53:00 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA expired 69.XXX.XXX.1XX[4500]-173.XXX.XXX.X98[4500] spi:76xxxx7401727bdd:b2104xxxxdd73a04
May 8 07:53:00 Non-Meraki / Client VPN negotiation msg: purged IPsec-SA proto_id=ESP spi=3377738687.
May 8 07:52:59 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 69.XXX.XXX.1XX[4500]->173.XXX.XXX.X98[4500] spi=3377738687(0xcxxxx3bf)
May 8 07:52:59 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 69.XXX.XXX.1XX[4500]->173.XXX.XXX.X98[4500] spi=20534645(0xxxxx575)
May 8 07:52:59 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established 69.XXX.XXX.1XX[4500]-173.XXX.XXX.X98[4500] spi:765xxxx401727bdd:b2104xxxxdd73a04


I believe she ran without problems yesterday.

JimmyPhelan
Getting noticed

This is usually Error 789 in the event log for the VPN.

I would look at the configuration for the user again, and make sure everything is ok.

Look at the following:

1. Ensure that the Xbox Live Networking Services are stopped and/or disabled on her device. This can interfere with L2TP.

2. Try and use the various PowerShell scripts to recreate the VPN from scratch on her device.

3. Use rasphone.exe to launch the profile as opposed to doing it through the Windows 10 Modern UI.

Nash
Kind of a big deal

If you want to use a script, I recommend Philip's generator.

I strongly recommend using a PowerShell script for Win10. I definitely recommend re-installing the VPN. When you get a 789 error, deletion/reinstall is usually the fastest fix.

Also see if your end user is on Windows 10 1909 or not. If she's not, schedule an upgrade.
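The steps suggested in the two replies above, combined into one PowerShell script. This is an added example, not code from either poster or from the generator mentioned above. The profile name and server address are hypothetical placeholders, and the PAP and encryption settings are assumptions that must match the client VPN configuration on the MX.

```powershell
#Requires -RunAsAdministrator
# Added example: rebuild an L2TP/IPsec client VPN profile after Error 789.
# Both values below are hypothetical placeholders; replace them with your own.
$VpnName   = 'Office VPN'        # hypothetical profile name
$VpnServer = 'vpn.example.com'   # placeholder for the MX hostname or public IP

# 1. Report the Windows 10 build so clients older than 1909 are easy to spot.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
Write-Host "Windows build $build (1909 is build 18363)"
if ($build -lt 18363) { Write-Warning 'Older than 1909: schedule an upgrade.' }

# 2. Stop and disable the Xbox Live Networking Service if it exists.
$svc = Get-Service -Name 'XboxNetApiSvc' -ErrorAction SilentlyContinue
if ($svc) {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force }
    Set-Service -Name $svc.Name -StartupType Disabled
}

# 3. Delete the existing profile so no stale settings survive the rebuild.
$old = Get-VpnConnection -Name $VpnName -ErrorAction SilentlyContinue
if ($old) {
    if ($old.ConnectionStatus -eq 'Connected') {
        rasdial.exe $VpnName /disconnect | Out-Null
    }
    Remove-VpnConnection -Name $VpnName -Force
}

# 4. Prompt for the pre-shared key instead of storing it in the script file.
$secure = Read-Host -Prompt 'L2TP pre-shared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# 5. Recreate the profile. PAP and Required encryption are assumptions here;
#    -Force suppresses the confirmation prompt about the PSK and PAP.
Add-VpnConnection -Name $VpnName -ServerAddress $VpnServer `
    -TunnelType L2tp -L2tpPsk $psk `
    -AuthenticationMethod Pap -EncryptionLevel Required -Force
Remove-Variable psk, secure

# 6. Dial through rasphone.exe rather than the Windows 10 Modern UI.
rasphone.exe -d $VpnName
```

Run it from an elevated PowerShell session opened as the affected user, since the profile is created in that user's phonebook.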
