L2TP Connection Attempt Failed

Dawson
Comes here often

Hello,
We had a VPN set up by our ISP (SaskTel).  We have a laptop that we want to connect to the VPN, by a person who's not in town.  The person does use Starlink as their ISP.  I have added the information to the laptop and have successfully connected on many networks around our community via Wifi.  One at my house, my co-worker's house, our shop and another shop in town.

However, when she takes the laptop back home to work remotely this error keeps popping up and I cannot seem to get it to work while she's back at home.  I am at a total loss.

Mloraditch
Kind of a big deal

CGNAT (which Starlink uses) and L2TP is often problematic. 

Officially they don't support L2TP:
https://www.starlink.com/support/article/aa5aecf3-e97c-e84e-3f87-8d2ecdfde857

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
Main10ence
Meraki Employee

Hello @Dawson,

 

Please ensure that the remote ISP device is configured to forward 500/4500 downstream to the laptop. 

 

You can also validate by running a Wireshark packet capture on the wireless interface of the laptop while attempting the client VPN connection.

.ılı.ılı. Cisco Meraki
Network Support Engineer

"The future favors the bold."
Mloraditch
Kind of a big deal

I should add that I'd recommend getting Secure Client (AnyConnect) licensing and switching to that. It's not that expensive and should work with most any ISP situation.

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance

thaack
Getting noticed

If you open up event viewer and look at rasman logs, what does it say the connect fail code is?

PhilipDAth
Kind of a big deal

My first suggestion - buy some AnyConnect licences and change across to using that.  Much better.

 

If you want to continue using the Microsoft client VPN, try using my wizard to create a PowerShell script to configure it.  It sets some registry keys which makes it more likely to work through NAT.

https://ifm.net.nz/cookbooks/meraki-client-vpn.html

 

thaack
Getting noticed

This - AssumeUDPEncapsulationOnContextSendRule reg edit was my main suggestion.
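
A read-only check for the two things raised in the replies above, the AssumeUDPEncapsulationOnContextSendRule value and the connection failure code. This is an added example, not code from any post in this thread or from the linked wizard. The registry path under PolicyAgent and the RasClient event ID 20227 are assumptions taken from Microsoft's documented Windows VPN client behaviour, not from the thread.

```powershell
# Added example: read-only diagnostic, changes nothing on the laptop.
# Assumption (not from the thread): the value lives under the PolicyAgent service key.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationOnContextSendRule'

# Meanings of the value as documented by Microsoft.
$meanings = @{
    0 = 'no IPsec NAT-T associations to a VPN server behind NAT (default)'
    1 = 'NAT-T allowed when the VPN server is behind NAT'
    2 = 'NAT-T allowed when both the server and this client are behind NAT'
}

$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$name is not set; Windows behaves as for 0 ($($meanings[0]))"
} else {
    $value = [int]$prop.$name
    $text  = if ($meanings.ContainsKey($value)) { $meanings[$value] } else { 'unrecognised value' }
    Write-Output "$name = $value ($text)"
}

# Assumption: failed dial attempts are logged by the RasClient provider
# as event 20227 in the Application log, with the code in the message text.
$filter = @{ LogName = 'Application'; ProviderName = 'RasClient'; Id = 20227 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output 'No RasClient connection-failure events found.'
}
foreach ($e in $events) {
    # The message wording is matched in English; on a localised system fall back to 'unknown'.
    $code = if ($e.Message -match 'error code returned on failure is (\d+)') { $Matches[1] } else { 'unknown' }
    Write-Output ('{0:yyyy-MM-dd HH:mm:ss}  failure code {1}' -f $e.TimeCreated, $code)
}
```

Run it on the laptop after a failed attempt from the Starlink connection, so the newest event corresponds to that network.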
