Client VPN

Will_foss24
Comes here often

Client VPN

Jun 19 08:11:22 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> deleting IKE_SA l2tp-over-ipsec-1[169] between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225]
Jun 19 08:11:22 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> closing CHILD_SA net-1{17} with SPIs c69213dasaf2(inbound) (1444 bytes) 15c004400028(outbound) (383 bytes) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 19 08:10:56 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> CHILD_SA net-1{17} established with SPIs c69213dasaf2(inbound) 15c004400028(outbound) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 19 08:10:56 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> IKE_SA l2tp-over-ipsec-1[169] established between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225]

 

 

Good day I am having problems with the client VPN. Looks like the connection is established between client and remote site and then i closes out.

On the windows side i get an error message saying "the connection was terminated because the remote computer did not respond in a timely manner. 
I can ping the remote site with success.

 

please any help would be great 

18 REPLIES 18
Will_foss24
Comes here often

CoId={381CE201-9F8E-0006-F3D0-34388E9FD901}: The user DESKTOP-LN\Wfr dialed a connection named aFPO which has failed. The error code returned on failure is 718.

There is some error code.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

Take a look at this.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Common_Causes

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

Try running rasphone.exe and connecting with that.  It produces better error messages.

PhilipDAth
Kind of a big deal
Kind of a big deal

It could potentially be related to one of the two ends being behind NAT as well.  Try using my VPN Wizard to create the VPN connection for the client.  It adds the extra registry entries required for NAT operation.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

Do any of the client VPN connections work?

Will_foss24_0-1687272526460.png

 

Good day, after trying your method i was able to get about this far and after about 16 seconds the connection would time out and disconnect.

 

 

 

Does your MX have a private or public IP address on its WAN interface?

 

If it has a private interface, are you NATing through the following ports?

udp/500

udp/4500

udp/1701

Will_foss24
Comes here often

On the WAN interface there is a public IP address. 

Will_foss24
Comes here often

i am able to ping the public IP of the MX from the remote site by IP address and dynamic name 

Is Anyconnect an option? It is much better than L2TP connection.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

when trying the anyconnect option i get the error " No valid certificates available for authentication."

 

still looking into a fix for this

Wait 10 minutes and try again.  When you first enable it, it has to start the process of getting a certificate.

Does the MX have a single WAN interface?

 

Have you tried connecting from a different Internet connection?

 

The problem has to be in one of two places - the client end or the MX end.  Perhaps we have been focusing too much on the MX end ...

the mx has dual wan the redundant wan is not active.

and yes i have tried from another internet connection.

 

maybe some insight on what i may be doing wrong from the client side?

Is the current active WAN marked as the primary WAN under load balancing?

yes Wan 1 is marked as the primary WAN under load balancing under the SD-wan and traffic shaping

Will_foss24
Comes here often

load balancing is disabled.

active-active autoVPN is disabled. 

 

 

Any resolution. I am having the exact same issue. I can ping, It fails the same exact way.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels