Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Client VPN

Solved
Patrik73
Getting noticed
‎Apr 20 2023 1:24 PM
‎Apr 20 2023 1:24 PM

Client VPN

Hello!
 
I have a problem with Client VPN.
We are using Meraki Cloud authenticating.
 
Computer are AD-connected and the users login with their AD-account on the computer.
firstname.lastname@domain.local
 
The VPN-accounts are registered to their mail-address.
firstname.lastname@domain.com
 
We are mapping the drives with GPO, so when they start their computers at home there is a red cross over the drives.
Then they connect with VPN and try to open the drive and gets an error.
Microsoft Windows Network: The local device name is already in use
 
I have found that if I change their username for VPN to the same they have in the domain then it works.
But that name isn't mail enabled because we use domain.local as name.
 
Is there anyway to solve this without having to change my UPN in my domain?
Labels:
0 Kudos
Subscribe
1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 20 2023 2:00 PM
‎Apr 20 2023 2:00 PM

I am very rough on this now - but the issue is because Windows uses VPN credentials by default to access other Windows resources.

 

This may not be 100% right, but will get you pretty close.  You need to edit the Windows phone book via a text editor:
%ProgramData%\Microsoft\Network\Connections\Pbk\rasphone.pbk
And change UseRasCredentials to 0.

 

If that doesn't work, Google UseRasCredentials.

View solution in original post

0 Kudos
Subscribe
11 Replies 11
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 20 2023 1:29 PM
‎Apr 20 2023 1:29 PM

Have you tried configuring the Wins Server?

 

alemabrahao_0-1682022493817.png

 

Is there a possibility to use your Local AD to authenticate instead of the Meraki Base?

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Patrik73
Getting noticed
‎Apr 20 2023 1:41 PM
‎Apr 20 2023 1:41 PM

Hi and thanks for reply.

I have no problem ping netbios name of servers FQDN name when connected with VPN.
In the Windows VPN connection I have added the DNS-suffix.

 

Yes, that's one way to go.

Setup either AD-authentication or Radius-server.

But I Cannot change it right now and would really like to know if this is solvable or not.

 

Of course I can change their accounts on Meraki Cloud to match their AD-account, but it wont be mail-enabled so we then must hand them their username and passwords manually.

Or add the public domainname as an UPN-domainname in the local AD and change all users domain.

 

But would really like to fix this without doing that, at least for now.

0 Kudos
Subscribe
In response to Patrik73
alemabrahao
Kind of a big deal
Kind of a big deal
‎Apr 20 2023 1:57 PM
‎Apr 20 2023 1:57 PM

As far as know, the only way is to use the same domain name or map it by IP instead of name.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
Patrik73
Getting noticed
‎Apr 20 2023 1:59 PM
‎Apr 20 2023 1:59 PM

Thanks again!

 

Not sure mapping to IP will solve it, but I will give it a try. 🙂

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 20 2023 2:00 PM
‎Apr 20 2023 2:00 PM

I am very rough on this now - but the issue is because Windows uses VPN credentials by default to access other Windows resources.

 

This may not be 100% right, but will get you pretty close.  You need to edit the Windows phone book via a text editor:
%ProgramData%\Microsoft\Network\Connections\Pbk\rasphone.pbk
And change UseRasCredentials to 0.

 

If that doesn't work, Google UseRasCredentials.

0 Kudos
Subscribe
In response to PhilipDAth
Patrik73
Getting noticed
‎Apr 20 2023 3:16 PM
‎Apr 20 2023 3:16 PM

Thank you!
That seems to work.

Not sure I will implement it though. 🙂

But at least now I know what the problem is.

Maybe AD authentication or Radius is what I need to plan for.

Subscribe
In response to Patrik73
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 20 2023 3:24 PM
‎Apr 20 2023 3:24 PM

You can try using my client VPN wizard to create a powershell script to configure the VPN.  I don't think it has the same issue.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

You can also use the more advanced client VPN, AnyConnect.  It doesn't have the issue, either.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance 

Subscribe
In response to Patrik73
Mantach
New here
‎Jun 13 2023 2:12 AM
‎Jun 13 2023 2:12 AM

Hi Patrik,

 

I'm having the same problem, however my VPN client windows don't have the Windows phone book.

What was the most effective practice for you?

0 Kudos
Subscribe
In response to Mantach
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 13 2023 2:46 AM
‎Jun 13 2023 2:46 AM

Did you try my cookbook above to generate a powershell script to create the VPN connection?

0 Kudos
Subscribe
In response to PhilipDAth
Mantach
New here
‎Jun 13 2023 3:38 AM
‎Jun 13 2023 3:38 AM

Not yet, VPN connection is there but the only challenge is the mapped drives.

0 Kudos
Subscribe
In response to Mantach
Patrik73
Getting noticed
‎Jun 16 2023 1:41 PM
‎Jun 16 2023 1:41 PM

We skipped that part with the phonebook and instead went for Radius-server for a while.

But soon after we went for radius with AnyConnect. 🙂

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.