Meraki

Community

Client VPN

Will_foss24
Comes here often
‎Jun 19 2023 8:31 AM
‎Jun 19 2023 8:31 AM

Client VPN

Jun 19 08:11:22 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> deleting IKE_SA l2tp-over-ipsec-1[169] between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225]
Jun 19 08:11:22 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> closing CHILD_SA net-1{17} with SPIs c69213dasaf2(inbound) (1444 bytes) 15c004400028(outbound) (383 bytes) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 19 08:10:56 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> CHILD_SA net-1{17} established with SPIs c69213dasaf2(inbound) 15c004400028(outbound) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 19 08:10:56 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> IKE_SA l2tp-over-ipsec-1[169] established between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225]

 

 

Good day I am having problems with the client VPN. Looks like the connection is established between client and remote site and then i closes out.

On the windows side i get an error message saying "the connection was terminated because the remote computer did not respond in a timely manner. 
I can ping the remote site with success.

 

please any help would be great 

Labels:
0 Kudos
18 Replies 18
Will_foss24
Comes here often
‎Jun 19 2023 9:24 AM
‎Jun 19 2023 9:24 AM

CoId={381CE201-9F8E-0006-F3D0-34388E9FD901}: The user DESKTOP-LN\Wfr dialed a connection named aFPO which has failed. The error code returned on failure is 718.

0 Kudos
In response to Will_foss24
alemabrahao
Kind of a big deal
‎Jun 19 2023 9:27 AM
‎Jun 19 2023 9:27 AM

There is some error code.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
‎Jun 19 2023 9:25 AM
‎Jun 19 2023 9:25 AM

Take a look at this.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Common_Causes

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:44 PM
‎Jun 19 2023 1:44 PM

Try running rasphone.exe and connecting with that.  It produces better error messages.

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:45 PM
‎Jun 19 2023 1:45 PM

It could potentially be related to one of the two ends being behind NAT as well.  Try using my VPN Wizard to create the VPN connection for the client.  It adds the extra registry entries required for NAT operation.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

Do any of the client VPN connections work?

0 Kudos
In response to PhilipDAth
Will_foss24
Comes here often
‎Jun 20 2023 7:50 AM
‎Jun 20 2023 7:50 AM

Will_foss24_0-1687272526460.png

 

Good day, after trying your method i was able to get about this far and after about 16 seconds the connection would time out and disconnect.

 

 

 

0 Kudos
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 10:50 AM
‎Jun 20 2023 10:50 AM

Does your MX have a private or public IP address on its WAN interface?

 

If it has a private interface, are you NATing through the following ports?

udp/500

udp/4500

udp/1701

0 Kudos
Will_foss24
Comes here often
‎Jun 20 2023 12:44 PM
‎Jun 20 2023 12:44 PM

On the WAN interface there is a public IP address. 

0 Kudos
Will_foss24
Comes here often
‎Jun 20 2023 12:45 PM
‎Jun 20 2023 12:45 PM

i am able to ping the public IP of the MX from the remote site by IP address and dynamic name 

0 Kudos
In response to Will_foss24
alemabrahao
Kind of a big deal
‎Jun 20 2023 12:47 PM
‎Jun 20 2023 12:47 PM

Is Anyconnect an option? It is much better than L2TP connection.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Will_foss24
Comes here often
‎Jun 20 2023 3:36 PM
‎Jun 20 2023 3:36 PM

when trying the anyconnect option i get the error " No valid certificates available for authentication."

 

still looking into a fix for this

0 Kudos
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 3:54 PM
‎Jun 20 2023 3:54 PM

Wait 10 minutes and try again.  When you first enable it, it has to start the process of getting a certificate.

0 Kudos
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 1:33 PM
‎Jun 20 2023 1:33 PM

Does the MX have a single WAN interface?

 

Have you tried connecting from a different Internet connection?

 

The problem has to be in one of two places - the client end or the MX end.  Perhaps we have been focusing too much on the MX end ...

0 Kudos
In response to PhilipDAth
Will_foss24
Comes here often
‎Jun 20 2023 3:34 PM
‎Jun 20 2023 3:34 PM

the mx has dual wan the redundant wan is not active.

and yes i have tried from another internet connection.

 

maybe some insight on what i may be doing wrong from the client side?

0 Kudos
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 3:54 PM
‎Jun 20 2023 3:54 PM

Is the current active WAN marked as the primary WAN under load balancing?

0 Kudos
In response to PhilipDAth
Will_foss24
Comes here often
‎Jun 20 2023 4:02 PM
‎Jun 20 2023 4:02 PM

yes Wan 1 is marked as the primary WAN under load balancing under the SD-wan and traffic shaping

0 Kudos
Will_foss24
Comes here often
‎Jun 20 2023 4:04 PM
‎Jun 20 2023 4:04 PM

load balancing is disabled.

active-active autoVPN is disabled. 

 

 

0 Kudos
In response to Will_foss24
Eric1234
Just browsing
‎Aug 17 2023 9:03 AM
‎Aug 17 2023 9:03 AM

Any resolution. I am having the exact same issue. I can ping, It fails the same exact way.

0 Kudos
Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.