Meraki

Community

Client vpn setting issues with windows 10 and 11

WCS-Alan
Here to help
‎Apr 22 2022 5:47 AM
‎Apr 22 2022 5:47 AM

Client vpn setting issues with windows 10 and 11

We installed an MX250 last weekend and all is well except client vpn. I followed the instructions in this article https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10

 

And on one win10 computer, if I set up the vpn connection with user/password then go to the vpn connection and set the required settings, it changes the vpn properties back to General authentication method, then fails when I try to connect. 

On a Win11 computer I can get the settings set properly, and connect once, then when I disconnect, one setting or the other changes.

2022-04-22 08_31_34-Settings.png2022-04-22 08_45_58-Network Connections.png

 

Has anyone seen this and have a fix?

0 Kudos
11 Replies 11
alemabrahao
Kind of a big deal
‎Apr 22 2022 6:25 AM
‎Apr 22 2022 6:25 AM

@WCS-Alan You can find Powershell scripts to configure the client VPN connection here:

http://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

 

Take a look over some of the common troubleshooting techniques for issues you are going to run into:

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Common_Connection_Issues

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
WCS-Alan
Here to help
‎Apr 22 2022 7:08 AM
‎Apr 22 2022 7:08 AM

Thanks for that. I can get connected, but when I disconnect one of the settings changes on the client, then I have to go back and set it again, save it. then I can connect again.

So far it is fairly consistent with the win10 computers I have tried. Is there a way to get the settings set so they don't change on their own?

0 Kudos
In response to WCS-Alan
alemabrahao
Kind of a big deal
‎Apr 22 2022 7:12 AM
‎Apr 22 2022 7:12 AM

I am unaware of this situation, once the L2TP connection is configured it should remain unchanged.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
WCS-Alan
Here to help
‎Apr 22 2022 7:32 AM
‎Apr 22 2022 7:32 AM

I agree, it should... but it isn't in our case for whatever reason....

 

0 Kudos
In response to WCS-Alan
Brash
Kind of a big deal
Kind of a big deal
‎Apr 22 2022 7:51 AM
‎Apr 22 2022 7:51 AM

Are these domain joined computers?

Do you have VPN configuration settings pushed via group policy or something similar that is overriding your manual configuration?

0 Kudos
In response to Brash
WCS-Alan
Here to help
‎Apr 22 2022 8:53 AM
‎Apr 22 2022 8:53 AM

They are domain joined, but there isn't a policy for vpn configurations.

0 Kudos
OVERKILL
Building a reputation
‎Apr 22 2022 11:47 AM
‎Apr 22 2022 11:47 AM

Any reason you aren't using AnyConnect? 

0 Kudos
In response to OVERKILL
WCS-Alan
Here to help
‎Apr 25 2022 8:52 AM
‎Apr 25 2022 8:52 AM

I am working towards that. Just trying to get folks connected quickly, then will work on Anyconnect.

 

0 Kudos
In response to WCS-Alan
OVERKILL
Building a reputation
‎Apr 26 2022 12:55 PM
‎Apr 26 2022 12:55 PM

Ahhh, OK, was wondering. I found the Windows client to be more of a pain than it was worth so as soon as I could switch sites to AnyConnect, I did. I expect you'll find the same. 

0 Kudos
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Apr 24 2022 10:41 AM
‎Apr 24 2022 10:41 AM

I believe Windows just shows it as general authentication in the GUI, but in essence it is still the same like you have saved it.

If you want to see what is actually under the hood you need to use some Powershell:

Get-VpnConnection -ConnectionName "nameofyourVPN" and check if all the fields are correct.

If you are using split tunnel like you should you can get your routes like this:
(Get-VpnConnection -ConnectionName "nameofyourVPN").Routes

Make sure you have the correct pre shared key and you are using Pap and optional or noencryption as encryption parameter.

AIOtech
Conversationalist
‎Apr 27 2022 10:42 AM
‎Apr 27 2022 10:42 AM

If you have access to CMAK i'd suggest using that to build your client VPN.  It's been a while since I used CMAK and set ours up, but after configuring with CMAK you'll get a VPN client exe.  Then you can just double click on it to install on machines, or roll it out however you prefer.  Yes it's old, but still works great.  We are using Radius L2TP/IPSEC with our MX for the windows client VPN.  Here's more info on it: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.