I have been trying to set up a VPN and have been going crazy for the last 48 hrs. I spent lots of time on Google and can't get the VPN to work (tested on phone, MacBook and laptop).
I have a C3700-100NAS cable modem router that is connected to the MX64, and I have a switch (MS120-8LP) and a wireless AP.
The router is connected to my ISP cable coax and I have an Ethernet cable that goes from the router into the MX64 Internet port.
LAN 1 on the MX64 goes directly into the switch on port 1.
The AP is connected to port 2 on the switch and I have other devices connected to the ports (PS4, IPTV, docking station, etc.).
The router is in Route mode when I check the settings under Advanced (I can connect to the router by entering the IP into the browser or connecting an Ethernet cable to the router port; it has 2 ports).
I have tried to set up the VPN from Security & SD-WAN and no luck getting my phone (connected on LTE) or laptop (connected on a hotspot).
I can't see any tracking under event logs.
xx.xx.xx.xx Active ( it's an ISP IP address)
hostname : xxxxx-xxxxx-xxxx-xxxxx-xxxxxx.dynamic-m.com
subnet : 192.168.1.0/24 (I type that in the field) and I tried to create it in Addressing & VLANs and I get
There were errors in saving this configuration:
DNS : use google
WINS Server : no wins server
Shared secret : ( i type a simple password)
authentication : meraki cloud
The subnet that you create under Security & SD-WAN -> Client VPN must be different to the other subnets that you have created on the MX. The client will be given an IP address from this subnet, and the MX will handle the routing from that assigned IP address to the other subnets on the MX.
I'm going crazy after 48 hrs trying to set up a VPN.
What is the simplest way to do it?
What subnet needs to be used under the VPN creation? I tried to put in the one from when I do ipconfig and it would not take it.
Been trying for 48 hrs and going crazy.
Whatever you want.... say 172.16.1.0/24 if you're not using that anywhere else.
I tried 172.16.1.0/24 and got the error message
Settings could not be saved. Please verify that your connection is working and try again.
My IPs under ipconfig are 12.168.128xxx.
I do not see any 172 IP range.
Sorry, I thought you got the error when you were creating the Client VPN. If you were able to put 192.168.1.0/24 into the Client VPN configuration on the Meraki Dashboard then that is fine. You don't need to create this VLAN/subnet on the MX.
When you have the VPN client on your Windows machine working you will see both the 12.168.128.xxx address, and you'll also see the address of the VPN/L2TP adapter, which will be in the 192.168.1.0/24 range that you added under client VPN in the Meraki Dashboard. If you're not getting the 192.168.1.0/24 address then your client VPN isn't connecting for some reason. Have a look in the MX event log and see if there are any messages there.
Sorry, my IP is 192.168.128.1 (MX64)
The router IP is 192.168.0.1 (gateway)
WAN IPv4 192.168.0.24
I'm really struggling. Please help me.
In the Meraki the LAN setting is single LAN
subnet 192.168.128.0/24
When I want to create the client VPN, under subnet it lists an example as 192.168.1.0/24 (do I need to use that??)
What subnet for a client VPN do I need to put in?
You don't need to use 192.168.1.0/24, but you can.
As you are behind the NetGear router, and appear to have a Private IP address on the WAN port of the MX64, you will need to ensure that the NetGear is forwarding ports UDP500 and UDP4500 (for IKE and IPSec NAT-T) to the IP address on the WAN port of the MX64.
Have a look through this document too, it may provide some assistance, https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN
That is the problem I'm having and can't figure out.
Can you tell me what IP I need to put in the port forward?
Does it go from 192.168.0.24 (router) to 192.168.128.1 (MX64) (UDP 500 and 4500)?
VPN-PPTP
Service Type
TCP
External Starting Port
500
(1~65535)
External Ending Port
500
(1~65535)
Use the same port range for Internal port
Internal Starting Port
500
(1~65535)
Internal Ending Port
500
Internal IP address ??
External IP Address ??
I read this bit and wondered if you are connecting from an ipv6 only host.
“..no luck getting my phone ( connected on LTE) or laptop ( connected on a hotspot)..”
I pulled my hair out for a while before discovering I could never connect to Meraki from T-Mobile because Meraki doesn’t support ipv6 for client VPN.
Hi
I just want to be able to connect via RDP when I travel.
How can I set up the port forwarding in my Netgear? I'm really struggling.
What are the internal IP and external IP I need to use for forwarding??
Router IP is 192.168.0.1
MX64 IP is 192.168.128.1
If I put the router IP address or the MX64's in the browser I get the same page result (see below).
Do I need to route from router to MX64 (route from 192.168.0.24 to MX IP address)?
I think the solution to my problem is the router port forwarding for 500 and 4500, and I'm struggling to get it done.
Your client connection
Client IP 192.168.128.28
Client MAC
Speed test
Run a browser-based speed test to check your connection to this security appliance.
Run speed test
Security Appliance details
Network name
Hardware address
Product model MX64
Ethernet
This security appliance is directly connected to a local network.
IP address: 192.168.0.24
Internet
This security appliance is connected to the Internet.
Cisco Meraki cloud
This security appliance is successfully connected to the Cisco Meraki cloud.
The port forwarding needs to be configured on the Netgear Cable Modem, have a look at the Add a Custom Port Forwarding Service in the user manual, https://www.downloads.netgear.com/files/GDC/C3700/C3700_All_MSOs_UM_EN.pdf#page85.
You won’t need to configure a source (or external) address (as that’s the address the modem gets from your cable provider), you’ll need to configure the destination (or internal) address as the address of the WAN port on the MX64 (i.e. 192.168.0.24). You’ll need to configure one port forward for UDP500 and another for UDP4500.
I tried it and it messed up some of my applications.
For example, I used ADS-B for plane spotting and it was not working, so I had to stop the port forwarding and it went back to normal.
Why is port forwarding messing up the other applications?
Is it affecting all the ports?
Below is exactly what I did.
Does it look right?
I'm confused about the "Use the same port range for Internal port".
Port forward shouldn’t mess up other applications unless they’re using the same port, which for UDP 500 and 4500 they shouldn’t unless they’re establishing a VPN - they’re well known ports.
What you have looks about right, but you can probably get away with only UDP, rather than TCP/UDP if it’s an option. You only need the single ports, no ranges, and you could use the ‘same port for internal range option’.
Still can't get it to work.
Mar 16 20:18:56 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=1485482832. | |
Mar 16 20:18:56 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.168.0.24[4500]->73.61.19.6[4500] spi=38369682(0x2497992) | |
Mar 16 20:18:56 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.168.0.24[4500]->73.61.19.6[4500] spi=128748962(0x7ac8da2) | |
Mar 16 20:18:52 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=92950814. | |
Mar 16 20:18:52 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.168.0.24[4500]->73.61.19.6[4500] spi=1485482832(0x588aab50) | |
Mar 16 20:18:52 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.168.0.24[4500]->73.61.19.6[4500] spi=6085396(0x5cdb14) | |
Mar 16 20:18:49 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=3541076808. |
Looks like your port forward is working. What logs are you getting on the client end?
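The reading of the event log in the reply above can be reproduced with a short script. This is an added example, not part of the original thread or Meraki tooling: it pairs "established" and "purged" IPsec-SA events by SPI and checks that negotiation ran over UDP 4500 on both ends. The sample lines are constructed in the format quoted in the thread, with a documentation address as the peer; the function name `summarize` and the `year` parameter are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the event-log format quoted in the thread; the peer
# address is a documentation placeholder, not a value from the page.
SAMPLE = """\
Mar 16 20:18:56 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=1485482832. | |
Mar 16 20:18:56 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.168.0.24[4500]->203.0.113.6[4500] spi=38369682(0x2497992) | |
Mar 16 20:18:52 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=92950814. | |
Mar 16 20:18:52 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.168.0.24[4500]->203.0.113.6[4500] spi=1485482832(0x588aab50) | |
"""

ESTABLISHED = re.compile(
    r"IPsec-SA established: \S+ ([\d.]+)\[(\d+)\]->([\d.]+)\[(\d+)\] spi=(\d+)\(")
PURGED = re.compile(r"purged IPsec-SA proto_id=\w+ spi=(\d+)\.")

def summarize(log_text, year=2000):
    """Pair 'established' and 'purged' events by SPI and report what the
    log says about NAT-T reachability. The log has no year, so `year` is an
    assumed value used only to compute time differences."""
    established, purged = {}, {}
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 3:
            continue  # not an event-log row
        when = datetime.strptime(f"{year} {fields[0]}", "%Y %b %d %H:%M:%S")
        if m := ESTABLISHED.search(fields[2]):
            local_ip, local_port, peer_ip, peer_port, spi = m.groups()
            established[int(spi)] = {"time": when, "peer": peer_ip,
                                     "ports": (int(local_port), int(peer_port))}
        elif m := PURGED.search(fields[2]):
            purged[int(m.group(1))] = when
    return {
        # Remote clients that completed IPsec negotiation with the MX.
        "peers": sorted({sa["peer"] for sa in established.values()}),
        # True when every SA ran over UDP 4500 on both ends (NAT-T).
        "nat_t": bool(established) and all(
            sa["ports"] == (4500, 4500) for sa in established.values()),
        # Seconds each SA lived before it was purged.
        "lifetimes": {spi: (purged[spi] - sa["time"]).total_seconds()
                      for spi, sa in established.items() if spi in purged},
        # Purges whose establishment is outside the excerpt.
        "unmatched_purges": sorted(set(purged) - set(established)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```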
I was able to connect to the Meraki VPN but now I do not have internet access.
That's because by default the Windows VPN client does a full tunnel, so all your traffic is being sent to the MX by Windows. You need to configure the Windows client to use split tunnel.
So everything is working fine now. Thanks all for the help and guidance, and sorry for the delay replying.
Good to hear it’s working. Well done working through the problems.
Hello! Could you please share how you managed to get it to work? I am having the same exact problem.
I went into the Netgear router (usually it's 192.168.x.x), logged in with my credentials and then set up a port forwarding
for ports 500 and 4500 (UDP) so it goes from my router and forwards into the MX64, and that solved the problem.
My home setup is a modem router that connects to the MX64 and then it goes to the Meraki switch and wireless AP.
The only thing I see in the event log in Meraki is intrusion detected started.
I have the client VPN laptop connected to a hotspot and I get "the L2TP connection attempt failed because of security layer"
using the Windows VPN connection client for Windows 10 (I tried the IP address and server name).
I put in 192.168.1.0/24 when I created the subnet (that is what is used as an example).
Do I need to create that subnet?? I'm confused.
Under Addressing & VLANs I have single LAN
192.168.128.0/24 and MX IP 192.168.128.1
If I do a ping of 192.168.1.0/24
ping 192.168.1.0
Pinging 192.168.1.0 with 32 bytes of data:
Reply from 192.168.128.1: Destination host unreachable.
Reply from 192.168.128.1: Destination host unreachable.
Reply from 192.168.128.1: Destination host unreachable.
Reply from 192.168.128.1: Destination host unreachable.
Ping statistics for 192.168.1.0:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),