Jun 19 08:11:22 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> deleting IKE_SA l2tp-over-ipsec-1[169] between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225] | |
Jun 19 08:11:22 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> closing CHILD_SA net-1{17} with SPIs c69213dasaf2(inbound) (1444 bytes) 15c004400028(outbound) (383 bytes) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f] | |
Jun 19 08:10:56 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> CHILD_SA net-1{17} established with SPIs c69213dasaf2(inbound) 15c004400028(outbound) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f] | |
Jun 19 08:10:56 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> IKE_SA l2tp-over-ipsec-1[169] established between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225] |
Good day, I am having problems with the client VPN. It looks like the connection is established between the client and remote site and then it closes out.
On the Windows side I get an error message saying "the connection was terminated because the remote computer did not respond in a timely manner."
I can ping the remote site with success.
Please, any help would be great.
CoId={381CE201-9F8E-0006-F3D0-34388E9FD901}: The user DESKTOP-LN\Wfr dialed a connection named aFPO which has failed. The error code returned on failure is 718.
There is some error code.
Try running rasphone.exe and connecting with that. It produces better error messages.
It could potentially be related to one of the two ends being behind NAT as well. Try using my VPN Wizard to create the VPN connection for the client. It adds the extra registry entries required for NAT operation.
https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html
Do any of the client VPN connections work?
Good day, after trying your method I was able to get about this far, and after about 16 seconds the connection would time out and disconnect.
Does your MX have a private or public IP address on its WAN interface?
If it has a private interface, are you NATing through the following ports?
udp/500
udp/4500
udp/1701
On the WAN interface there is a public IP address.
I am able to ping the public IP of the MX from the remote site by IP address and dynamic name.
Is AnyConnect an option? It is much better than an L2TP connection.
When trying the AnyConnect option I get the error "No valid certificates available for authentication."
Still looking into a fix for this.
Wait 10 minutes and try again. When you first enable it, it has to start the process of getting a certificate.
Does the MX have a single WAN interface?
Have you tried connecting from a different Internet connection?
The problem has to be in one of two places - the client end or the MX end. Perhaps we have been focusing too much on the MX end ...
The MX has dual WAN; the redundant WAN is not active.
And yes, I have tried from another internet connection.
Maybe some insight on what I may be doing wrong from the client side?
Is the current active WAN marked as the primary WAN under load balancing?
Yes, WAN 1 is marked as the primary WAN under load balancing under the SD-WAN and traffic shaping.
Load balancing is disabled.
Active-active AutoVPN is disabled.
Any resolution? I am having the exact same issue. I can ping; it fails the same exact way.
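
A small parser for event-log lines like the ones at the top of this thread, added here as an example (not posted by any participant and not Meraki code): it pairs the IKE_SA established/deleting events per connection id and reports how long the tunnel stayed up and how many bytes the CHILD_SA carried. The sample lines are constructed with placeholder addresses and SPIs; the function name and the 60-second "short-lived" threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample shaped like the event-log lines in the thread (newest first);
# the addresses and SPIs are documentation placeholders, not values from the page.
SAMPLE_LOG = """\
Jun 19 08:11:22 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> deleting IKE_SA l2tp-over-ipsec-1[169] between 192.0.2.1[192.0.2.1]...198.51.100.7[172.16.105.225] | |
Jun 19 08:11:22 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> closing CHILD_SA net-1{17} with SPIs c0000001(inbound) (1444 bytes) c0000002(outbound) (383 bytes) and TS 192.0.2.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f] | |
Jun 19 08:10:56 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> CHILD_SA net-1{17} established with SPIs c0000001(inbound) c0000002(outbound) and TS 192.0.2.1/32[udp/l2f] === 198.51.100.7/32[udp/l2f] | |
Jun 19 08:10:56 | Client VPN | Client VPN negotiation | msg: <l2tp-over-ipsec-1|169> IKE_SA l2tp-over-ipsec-1[169] established between 192.0.2.1[192.0.2.1]...198.51.100.7[172.16.105.225] |
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \|.*?msg: <[^|>]+\|(\d+)> (.*)$")
BYTES = re.compile(r"\(inbound\) \((\d+) bytes\).*\(outbound\) \((\d+) bytes\)")

def summarize_sessions(log_text, short_secs=60):
    """Pair IKE_SA 'established'/'deleting' events per connection id and report
    lifetime and CHILD_SA byte counters. short_secs is an assumed threshold."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a Client VPN negotiation line in the expected shape
        stamp, conn, msg = m.groups()
        # The log carries no year; a fixed one is assumed so timestamps can be subtracted.
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(conn, {"up": None, "down": None, "in": 0, "out": 0})
        if re.search(r"IKE_SA \S+ established", msg):
            s["up"] = when
        elif "deleting IKE_SA" in msg:
            s["down"] = when
        elif "closing CHILD_SA" in msg and (b := BYTES.search(msg)):
            s["in"], s["out"] = int(b.group(1)), int(b.group(2))
    report = {}
    for conn, s in sessions.items():
        if s["up"] and s["down"]:  # only sessions with both ends of the lifetime logged
            life = int((s["down"] - s["up"]).total_seconds())
            report[conn] = {"lifetime_s": life, "bytes_in": s["in"],
                            "bytes_out": s["out"], "short_lived": life < short_secs}
    return report

if __name__ == "__main__":
    for conn, info in summarize_sessions(SAMPLE_LOG).items():
        print(conn, info)
```

On the sample, the IPsec SAs come up and are torn down 26 seconds later after a small amount of traffic in both directions.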