The DLink us in bridge mode already. I believe it is not blocking anything as the firewall would be completely transparent in bridge mode. Is there any other configuration that needs to be done on it?

I have a DMZ setting on my home router. From what I understand, when enabling this, and setting the DMZ address, what ever client with that address is in the DMZ of my home router and therefore free of any firewalling.

I couldn’t get my MX to register in the cloud, and a call to my friendly neighbourhood ISP, confirmed my suspicion.

My MX was being firewalled, even though it was put in DMZ. And this was working by design.

So, take a look at your DLink, and verify it isn’t firewalling your MX. And afterwards try adding the Meraki Firewall info, that is required for Cloud communication.

The D-Link router is in bridge mode and is not getting any WAN IP. The MX is getting public IP. 

@rhbirkelund in your case, seems like your MX is getting private IP allocated by ISPs router.

What error message is the client getting reported?  Anything appearing in the Network-Wide/Event log when a user tries to connect?

Check out the client VPN trouble shooting guide.

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN

At a guess even though the D-Link is in bridge mode that model is a consumer grade modem and is probably doing something silly with VPN traffic. 

I am getting error 789 on windows clients and I have followed the troubleshooting steps. However, that didn't yield anything.

When I look at Uplink for my MX, I see a public IP and a WAN IP and both are different. Public IP is 180.x.x.x whereas the WAN IP is 100.x.x.x. I can ping the public IP from other hosts, but cannot ping the WAN IP. When I do a packet capture with a continuous ping to 180.x.x.x IP address, I do not see any traffic coming in to my MX even though the ping is successful. The ping to 100.x.x.x anyways fails and is not logged in the pcap.

I tried to capture all the icmp traffic with continuous ping to both the ip's running from a PC sitting on internet via 4G/LTE. the only ICMP traffic that I could see was requests being sent to 8.8.8.8 and replies received from it.

@rock3t_singh 

Perhaps traceroute outside from behind your MS120 and see which route it follows outside.

OR

Are u able to ping your dynamic hostname of your MX? You can find it under Appliance Status -> Hostname 

It should be visible under your WAN1 ip. 

If this does respond, configure your VPN with the DDNS.

The hostname resolves to 180.x.x.x IP and I am able to reach it from outside.

Still, I do not see any icmp packets hitting the internet interface when I do a packet capture.

In google it shows my ip as 180.x.x.x and not 100.x.x.x.

I am also able to ping 180.x.x.x ip from internet.

Interesting! If you are seeing 100.x.x.x as the public IP on the dashboard, that means the Meraki dashboard is seeing traffic coming from this appliance with that IP. Definitely, something funky is going on with NAT upstream (probably only for certain routes and not all as we are seeing 180.x.x.x as public from a client behind MX)

That being said, since we are not able to ping 180.x.x.x from your computer, can you do a traceroute from your computer to 180.x.x.x and see where it is getting dropped? Also, it's worth connecting to a different ISP on the client side to check if it will make any difference

@Raj66 

I see the WAN1 IP and Public IP as 180.X.X.X whereas the IP on the WAN interface is different. Please see the attached screenshot.

Thanks a lot for all the advise and help, finally managed to fix it.

Apparently turned out that the ISP in this case (Aussie Broadband) uses CG-NAT (https://www.aussiebroadband.com.au/support/knowledge-base/nbn/cg-nat/). Got on a call with them and opted out of CG-NAT and everything came on track.