Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Client VPN

Will_foss24
Comes here often
‎Jun 19 2023 8:31 AM
‎Jun 19 2023 8:31 AM

Client VPN

Jun 19 08:11:22 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> deleting IKE_SA l2tp-over-ipsec-1[169] between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225]
Jun 19 08:11:22 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> closing CHILD_SA net-1{17} with SPIs c69213dasaf2(inbound) (1444 bytes) 15c004400028(outbound) (383 bytes) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 19 08:10:56 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> CHILD_SA net-1{17} established with SPIs c69213dasaf2(inbound) 15c004400028(outbound) and TS x.x.x.x/32[udp/l2f] === x.x.x.x/32[udp/l2f]
Jun 19 08:10:56 Client VPNClient VPN negotiationmsg: <l2tp-over-ipsec-1|169> IKE_SA l2tp-over-ipsec-1[169] established between x.x.x.x[x.x.x.x]...x.x.x.x[172.16.105.225]

 

 

Good day I am having problems with the client VPN. Looks like the connection is established between client and remote site and then i closes out.

On the windows side i get an error message saying "the connection was terminated because the remote computer did not respond in a timely manner. 
I can ping the remote site with success.

 

please any help would be great 

Labels:
0 Kudos
Subscribe
18 Replies 18
Will_foss24
Comes here often
‎Jun 19 2023 9:24 AM
‎Jun 19 2023 9:24 AM

CoId={381CE201-9F8E-0006-F3D0-34388E9FD901}: The user DESKTOP-LN\Wfr dialed a connection named aFPO which has failed. The error code returned on failure is 718.

0 Kudos
Subscribe
In response to Will_foss24
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 9:27 AM
‎Jun 19 2023 9:27 AM

There is some error code.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 9:25 AM
‎Jun 19 2023 9:25 AM

Take a look at this.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Common_Causes

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:44 PM
‎Jun 19 2023 1:44 PM

Try running rasphone.exe and connecting with that.  It produces better error messages.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 19 2023 1:45 PM
‎Jun 19 2023 1:45 PM

It could potentially be related to one of the two ends being behind NAT as well.  Try using my VPN Wizard to create the VPN connection for the client.  It adds the extra registry entries required for NAT operation.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

Do any of the client VPN connections work?

0 Kudos
Subscribe
In response to PhilipDAth
Will_foss24
Comes here often
‎Jun 20 2023 7:50 AM
‎Jun 20 2023 7:50 AM

Will_foss24_0-1687272526460.png

 

Good day, after trying your method i was able to get about this far and after about 16 seconds the connection would time out and disconnect.

 

 

 

0 Kudos
Subscribe
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 10:50 AM
‎Jun 20 2023 10:50 AM

Does your MX have a private or public IP address on its WAN interface?

 

If it has a private interface, are you NATing through the following ports?

udp/500

udp/4500

udp/1701

0 Kudos
Subscribe
Will_foss24
Comes here often
‎Jun 20 2023 12:44 PM
‎Jun 20 2023 12:44 PM

On the WAN interface there is a public IP address. 

0 Kudos
Subscribe
Will_foss24
Comes here often
‎Jun 20 2023 12:45 PM
‎Jun 20 2023 12:45 PM

i am able to ping the public IP of the MX from the remote site by IP address and dynamic name 

0 Kudos
Subscribe
In response to Will_foss24
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 12:47 PM
‎Jun 20 2023 12:47 PM

Is Anyconnect an option? It is much better than L2TP connection.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Will_foss24
Comes here often
‎Jun 20 2023 3:36 PM
‎Jun 20 2023 3:36 PM

when trying the anyconnect option i get the error " No valid certificates available for authentication."

 

still looking into a fix for this

0 Kudos
Subscribe
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 3:54 PM
‎Jun 20 2023 3:54 PM

Wait 10 minutes and try again.  When you first enable it, it has to start the process of getting a certificate.

0 Kudos
Subscribe
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 1:33 PM
‎Jun 20 2023 1:33 PM

Does the MX have a single WAN interface?

 

Have you tried connecting from a different Internet connection?

 

The problem has to be in one of two places - the client end or the MX end.  Perhaps we have been focusing too much on the MX end ...

0 Kudos
Subscribe
In response to PhilipDAth
Will_foss24
Comes here often
‎Jun 20 2023 3:34 PM
‎Jun 20 2023 3:34 PM

the mx has dual wan the redundant wan is not active.

and yes i have tried from another internet connection.

 

maybe some insight on what i may be doing wrong from the client side?

0 Kudos
Subscribe
In response to Will_foss24
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 20 2023 3:54 PM
‎Jun 20 2023 3:54 PM

Is the current active WAN marked as the primary WAN under load balancing?

0 Kudos
Subscribe
In response to PhilipDAth
Will_foss24
Comes here often
‎Jun 20 2023 4:02 PM
‎Jun 20 2023 4:02 PM

yes Wan 1 is marked as the primary WAN under load balancing under the SD-wan and traffic shaping

0 Kudos
Subscribe
Will_foss24
Comes here often
‎Jun 20 2023 4:04 PM
‎Jun 20 2023 4:04 PM

load balancing is disabled.

active-active autoVPN is disabled. 

 

 

0 Kudos
Subscribe
In response to Will_foss24
Eric1234
New here
‎Aug 17 2023 9:03 AM
‎Aug 17 2023 9:03 AM

Any resolution. I am having the exact same issue. I can ping, It fails the same exact way.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.