Error on First AnyConnect Setup with MX67

marcelago
New here


Hello -

 

We just received an MX67 router and purchased AnyConnect licenses to establish VPN on some home machines for remote work. I configured AnyConnect through the Meraki dashboard and downloaded the Cisco Secure Access Client on a laptop to test on my cellular hotspot. I get the error "Connection attempt has timed out. Please verify internet connectivity." and am unsure what is causing this error. I have checked online and saw that a firewall could be preventing the connection, so I checked my laptop's firewall and tried on another computer, but received the same error.

 

I believe it may be an issue with the WAN IP address that was automatically assigned in the dashboard, as I saw in another forum that this IP address needed to be public. However, I'm not really sure how I can verify that I have the correct IP. I am even unsure if my Gateway and DNS addresses are correct in that same WAN section.

 

[Attached image: marcelago_0-1730142301465.png]

Sorry for all the censorship, I am not sure what is safe to give out so in an abundance of caution I removed all information specific to me.

 

We do have a static IP from our provider if that is relevant to this.

 

I see that it's active but there is no trace in the log of attempted connections. Please help.

 

Thanks in advance!

1 Reply
Mloraditch
A model citizen

You definitely do need an actual public IP. That can be accomplished by direct connection to the MX from your ISP or via 1 to 1 NAT and appropriate rules in an upstream firewall. vMXs and Concentrators are the most likely scenarios for the latter situation.

There are also corner cases with some ISPs like Starlink operating things with CGNAT. Without your IP addresses we can't be certain if you are hitting any of these situations specifically.

 

The one other situation that may occur is your ISP blocking 443 upstream to you despite giving you a public IP. I've definitely seen things like that. You may need to check with them. The ones I've dealt with will usually disable that blocking on business accounts upon request.


I suggest a quick call to Meraki Support who can verify your connectivity vis-a-vis the IPs and verify if your AnyConnect traffic is making it to the MX.
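
An added example, not part of the original posts and not Meraki tooling: a Python check for the question raised in this thread, whether the WAN address on the uplink is actually public, RFC 1918 private, or in the CGNAT range, optionally compared with the address an external "what is my IP" lookup reports. The function names, verdict strings and sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import Optional

# Address space that cannot accept inbound connections from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598, carrier-grade NAT


def classify_wan_ip(addr: str) -> str:
    """Classify an IPv4 address as 'rfc1918', 'cgnat', 'special' or 'public'."""
    ip = ipaddress.IPv4Address(addr.strip())  # ValueError on malformed input
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in CGNAT:
        return "cgnat"
    if not ip.is_global:  # loopback, link-local, documentation, reserved
        return "special"
    return "public"


def assess(wan_ip: str, seen_from_outside: Optional[str] = None) -> str:
    """Turn the WAN IP (and, optionally, the externally observed IP) into a verdict.

    seen_from_outside is a hypothetical input: the address an external lookup
    reports when queried from a device behind the MX.
    """
    kind = classify_wan_ip(wan_ip)
    if kind == "rfc1918":
        return "behind-upstream-nat: needs 1:1 NAT and rules on the upstream device"
    if kind == "cgnat":
        return "behind-cgnat: inbound connections cannot reach the MX"
    if kind == "special":
        return "not-routable: check the WAN addressing"
    if seen_from_outside:
        outside = ipaddress.IPv4Address(seen_from_outside.strip())
        if outside != ipaddress.IPv4Address(wan_ip.strip()):
            return "address-mismatch: confirm which address clients should target"
    return "public: if clients still time out, check for upstream blocking of 443"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread; 8.8.8.8 and
    # 8.8.4.4 are well-known resolver addresses used only as public stand-ins.
    for wan, outside in [("192.168.1.20", "8.8.8.8"), ("100.72.3.9", None),
                         ("8.8.8.8", "8.8.4.4"), ("8.8.8.8", "8.8.8.8")]:
        print(f"{wan:>15}  {assess(wan, outside)}")
```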
