Meraki

Community

Guide: Client VPN Troubleshooting

SoCalRacer
Kind of a big deal
‎Jan 8 2020 8:48 AM
‎Jan 8 2020 8:48 AM

Guide: Client VPN Troubleshooting

We all know the Client VPN has its weakness and troubleshooting those issues can be somewhat of a pain. To help I am providing a guide of fixes/suggestions found in the community (Not specifically endorsed by Meraki 😉). This is definitely a WIP (Work in Progress) type of guide. I will try to add items and format the guide with time. Ideally in time organizing them by OS/Auth/Error Code is my goal. If you have any suggestions I have missed please reply so I can add them.

 

 

GENERIC

Reboot device having issues

Does the MX have a public IP?

Is the client behind a NAT device? Run tracert to verify

Has support changed your encryption settings?

Use a different internet connection (hotspot or mobile) to test

Verify device is not behind the MX trying to VPN to?

Is the MX behind a device doing NAT (ISP Modem – bridge if possible)?

Any other 3rd-Party Software on the affected system that could be causing an issue (Endpoint security, AV, etc.)?

Have you tried a different device to VPN in with? (using a phone helps to rule that it is a device issue and not Meraki )

Uninstalled any existing VPN software?

Good General Info - https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

 

 

WINDOWS

Try using Rasphone.exe (Windows built-in)

Is the device Windows 10 Pro?

Is Xbox Live Networking Service off?

If using Dell machine make sure you remove SmartByte

https://community.meraki.com/t5/Network-Wide/Dell-Laptops-and-VPN-access/m-p/12826#M321

Use known powershell script to install profile

Tried network reset? (netsh int ip reset)

Checked Windows Reliability Monitor for recent updates/issues/performance?

Tried limited boot with majority of services/programs disabled?

Verify you have encryption set to optional, not required on the adapter properties?

 

MAC

MacOS remove Local Profile -System Preferences -> Networking -> Location profile

 

RADIUS

Modify msRADIUSServiceType

https://community.meraki.com/t5/Security-SD-WAN/Meraki-VPN-Some-users-get-691-error-when-authenticat...

Try basic preshared key (password)

Change to Meraki Auth if possible to verify

Certificate expired on server?

Verify LAN IP of domain controller hasn't changed

Verify AD domain admin credentials

 

MERAKI

Verify Meraki credential on the web

 

 

2 Replies 2
Seshu
Meraki Employee
Meraki Employee
‎Jan 9 2020 8:08 AM
‎Jan 9 2020 8:08 AM

@SoCalRacer First of all, I appreciate the effort put in to get the list of steps. 

 

We also have a detailed KB Article that lists the steps, error codes and their meaning that would help us in troubleshooting the Client VPN connectivity problems. If you see anything missing in the KB, please do submit a suggestion on the dashboard using the "Make a Wish" button and we will be glad to take a look at it.

 

Let me know if you have any questions.

 

Regards,

Meraki Team

In response to Seshu
jdsilva
Kind of a big deal
‎Jan 9 2020 8:26 AM
‎Jan 9 2020 8:26 AM

Hi @Seshu ,

 

There are a fair number of posts here on the community with people having problems with Client VPN. I don't think it's any secret that the Meraki docs don't cover every aspect of troubleshooting client VPN, especially on Windows. I think posts like this, and scripts created by people like @Nash are tremendously helpful to people who are trying to Google solutions. 

 

And no offense, but we all know that making a wish is mostly likely one of the slowest ways to get something added/modified/changed. 

 

🙂

http://blog.brokennetwork.ca | @jdsilva
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.