Client VPN

Phil_SCDS
Getting noticed

Client VPN

Hi All,

 

I have setup a client VPN connecting into an MX84 router. For the majority of users this is working absolutely fine. However, one user running windows 7 is experiencing error 741 when trying to connect. This is the error for their computer not supporting the data encryption type. My question is: what is the data encryption type. This page:

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

 

Suggests that it is using 3DES, AES128 and SHA1 but SHA1 is no longer supported by Microsoft so it seems unlikely that this is still in use. Does anyone know if this is still correct or if it has changed and the documentation is simply out of date? If so what is the current encryption type?

 

Many thanks,

 

Phil

9 Replies 9
Uberseehandel
Kind of a big deal

Do you have the option of upgrading Win 7 to Win 10?

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Phil_SCDS
Getting noticed

Hi Uberseehandel,

 

Thanks for your reply, unfortunately the machine belongs to the end user and is outside of my remit.

 

Many thanks,

 

Phil

BrechtSchamp
Kind of a big deal

Have you followed these to the letter:

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_7

 

(And double and triple checked? :P)

Phil_SCDS
Getting noticed

Hi BrechtSchamp,

 

I can't configure the connection myself so I only have the end users word that they have followed the instructions. I will ask them to check again though.

 

Many thanks,

 

Phil

Nash
Kind of a big deal

@Phil_SCDS(Edit: If your user is Win10) Is there any chance your user is able to run a PowerShell script? I realize that may be disabled for security purposes, but I live in a world where lol security so.

 

I've got one that's fairly simple and can be changed to not require administrator permissions. There's comments in it that tell you exactly what to change, although please do test on your PC. 

 

To run:

 

1. Open PowerShell

2. Allow PowerShell to run the script with this command: set-executionpolicy -scope process unrestricted

3. Run the script.

4. Answer the prompts.

5. Close PowerShell

 

If you walk through it, you can probably write better instructions. My help desk has significantly longer ones but they're not easy to share.

Nash
Kind of a big deal

The information on that page is correct. I have dozens of users on Win7 that successfully use the client VPN, so I don't think your problem is encryption.

 

My questions for you:

 

Did you delete and re-create the VPN connection? Does it work?

 

If you try this under a different Windows user on the same PC, does it work?

 

If you try a different VPN user on the same PC, does it work?

 

Can you successfully connect using that username on a different PC?

SoCalRacer
Kind of a big deal

I can tell you this, I have dozens of Windows 7 Pro (Ready to replace) machines using the Client VPN. Might want to double check if this is Pro or Home version. The other option you might want to see is if a fresh Windows 7 install with a client VPN is that working in your environment.

 

Phil_SCDS
Getting noticed

Hi SoCalRacer,

 

I will double check on the windows version type, they tend to take a while to get back to me so watch this space.

 

Many thanks,

 

Phil

Phil_SCDS
Getting noticed

Hi Nash,

 

I don't have access to the machine in question, I can only pass on instructions and hope for the best. I don't believe there is more than 1 username on the machine in question. I can connect to the vpn using their credentials.

 

Many thanks,

 

Phil

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels