Client VPN issue Windows 10

reditguy
Here to help

Hi, a few of our users started having VPN issues recently, not sure why. We are now on Windows 10 Pro 1909 but I see no reports of there being compatibility issues with it, or with any recent Microsoft security updates...and it did work until recently.

 

Error code is 789.

 

I have tried the majority of the fixes...setting up a new VPN connection with a new VPN name, ensuring PCAP is checked, ensuring services are started and set to automatic, adding the registry key and setting it to 2. I even tried disabling the Windows Firewall and Antivirus completely. I haven't checked any port forwarding or anything yet.

 

Odd thing is I am able to connect to VPN using my cell phone hotspot, just not my usual/regular Comcast ISP (other users have Optimum with the same issue).

 

Any thoughts?

 

Nash
Kind of a big deal

I've run into a problem recently where some ISPs (mostly cable) have done something to their ISP-provided equipment, and it prevents the IPSEC tunnel from forming. Mediacom is my local culprit, and their only fix offered is "buy your own router w cable modem".

Same behavior you describe: Cellphone hotspot or other separate connection, VPN works. On the cable internet, VPN does not work, returns 789.

 

Have you reached out to your ISP and asked pointed questions? 

reditguy
Here to help

Few other notes...

Some users are having issues, not all
Using Meraki auth, not RADIUS
Draytek VPN client did not work
Disabling IPv6 did not work
BUT....I did fix it! Issue was that our ISP, Xfinity, had some advanced security setting they turned on automatically on all routers/modem (their support didn't even know, I found it).
So once I disabled that and re-enabled that and allowed the port it worked fine.
 
 
 
Nash
Kind of a big deal

Don't you love ISPs

 

and by love, I mean the exact opposite of love.

 

I'm so glad you found that setting. Like I think I said... my clients have just gone and bought their own equip, because they'd lost faith in their ISPs' gear at that point. In this day and age, how is blocking IPSEC a "security feature"? Honestly.

 

BTW, if you're in Windows, you should always leave IPv6 enabled. This is especially true on Windows Servers. IPv6 support won't impact your IPv4 connections, and it's necessary for certain services to function correctly.

Turfmn1
Conversationalist

I've run into this with clients that have Mediacom for their ISP. The Mediacom techs always suggest having the customer replace their Mediacom-provided modem/firewall with another manufacturer's firewall. I've not had issues with Comcast, Verizon or Think Big ISPs.
