cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Client VPN issue Windows 10

Highlighted
Here to help

Client VPN issue Windows 10

Hi, a few our our users started having VPN issues recently, not sure why.  We are now on Windows 10 Pro 1909 but I see no reports of there being compatibility issues with it, or with any recent Microsoft security updates...and it did work until recently.

 

Error code is 789.

 

I have tried majority of the fixes...setting up a new VPN connection with a new VPN name, ensuring PCAP is checked, ensuring services are started and set to automatic, adding the registry key and setting it to 2.  I even tried disabling the Windows Firewall and Antivirus completely.  I haven't checked any port forwarding or anything yet.

 

Odd thing is I am able to connect to VPN using my cell phone hotspot, just not my usual/regular Comcast ISP (other users have Optimum with the same issue).

 

Any thoughts?

 

3 REPLIES 3
Highlighted
Kind of a big deal

Re: Client VPN issue Windows 10

I've run into a problem recently where some ISPs (mostly cable) have done something to their ISP-provided equipment, and it prevents the IPSEC tunnel from forming. Mediacom is my local culprit, and their only fix offered is "buy your own router w cable modem".

Same behavior you describe: Cellphone hotspot or other separate connection, VPN works. On the cable internet, VPN does not work, returns 789.

 

Have you reached out to your ISP and asked pointed questions? 

Highlighted
Here to help

Re: Client VPN issue Windows 10

Few other notes...
 
Some users are having issues not all
Using Meraki auth, not Radius
Draytek VPN client did not work
Disabling IPv6 did not work
BUT....I did fix it! Issue was that our ISP, Xfinity, had some advanced security setting they turned on automatically on all routers/modem (their support didn't even know, I found it).
So once I disabled that and re-enabled that and allowed the port it worked fine. 
 
 
 
Highlighted
Kind of a big deal

Re: Client VPN issue Windows 10

Don't you love ISPs

 

and by love, I mean the exact opposite of love.

 

I'm so glad you found that setting. Like I think I said... my clients have just gone and bought their own equip, because they'd lost faith in their ISPs's gear at that point. In this day and age, how is blocking IPSEC a "security feature"? Honestly.

 

BTW, if you're in Windows, you should always leave IPv6 enabled. This is especially true on Windows Servers. IPv6 support won't impact your IPv4 connections, and it's necessary for certain services to function correctly.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.