@Kave Can you please post a screenshot of the error message you are getting? Thanks.
Also, how have you set up the VPN connection on the Mac?
Do you get to the point of entering a username/password?
If not, double-check the PSK is entered correctly.
What are you authenticating against? Internet Meraki username/password, RADIUS, something else?
I am using Mac OS X to connect to my Meraki home network through Client VPN. My Meraki MX is behind a service provider ADSL router which is doing NAT, so you need to open the specific port to be able to connect to the MX as a VPN device. But as you tell us that it is working with other devices, this is not the problem. Are you using another user? Every user must be enabled for VPN connection.
On the Mac side I go to Network Settings and add a VPN:
After this, be sure your shared key is correct. This was my problem sometimes.
Also be sure that you are testing from the same place as the other systems which are working. For example, from my corporate network I cannot connect, as the ports for VPN are blocked. I always use my mobile phone hotspot.
Hope this helps you. If not, just send some pictures of your Mac settings.
Regards, Michel Rueger
I also have an MX behind a third party security appliance (aka Kharon).
I am uncertain as to which IP address to use in the port forwarding rule on Kharon.
The MX uplinks to Kharon on a LAN - 192.168.22.0/28 and receives an IP address from the DHCP server on that link.
Both the MX and Kharon have NAT active, for reasons of functionality and security. It does not have any impact upon the sipgate phone system.
Any guidance would be greatly appreciated.
The best way is to use the DNS name of your WAN connection. This one is visible on the main dashboard view of your MX:
Or you use the public IP, but this one will change all the time. On your ADSL router or firewall in front of your MX you need to make a port forward to the IP address of the WAN interface:
You find this information on the Uplink tab.
So the VPN client connects to the public name or IP. The front firewall or ADSL router NATs to the WAN interface of the MX.
Hope this helps
I have a port forwarding rule set to pass UDP ports 500 and 4500 through the firewall when being sent to 192.168.22.14, which is the MX WAN IP DHCP address. I can ping 192.168.22.14 however. This IP address does not change.
Now, the connection attempt fails quite quickly, but I don't see any meaningful error logging on any machine.
I just checked everything at home and I have the following settings.
Towards my Internet provider I have an xDSL router with firewall. On this I added a port forwarding to the Meraki WAN IP address for:
Sorry, it is German 🙂 In fact, UDP ports 500 and 4500 are forwarded to the IP address of the MX WAN, which in my case is 192.168.1.101, as the network between the Internet router and the MX is 192.168.1.0. Behind the MX, i.e. on the LAN side, I have 192.168.4.0.
I point my Mac VPN setting to the public IP or DNS name of the Internet router, which is shown in the dashboard of the MX as public name or IP.
The Client VPN Settings of the MX are the following:
This plan perhaps helps to understand.
I hope this helps.
Thanks very much for that. What I have done already looks like what you have set up. However, I need to check that the port forwarding rule I set up actually does what I intended it to do. As configuring firewall features on the non-Meraki security appliance is unnecessarily complicated, it is easy to get it wrong.
Thanks so much, I shall work on it in the morning.
I am using RADIUS and Windows, Android can connect successfully, macOS was connected successfully too, but I'm not sure, maybe a macOS update or something else must be the cause of the problem. I'm using a fixed public IP on the MX.
Guys, I'm happy to tell you the problem has been solved, I found the way which is not the solution but it works.
Instead of the Meraki DNS name as Server Address, I just used my Meraki public IP and iOS connected to the VPN. High Sierra can connect with both (Meraki DNS and Meraki public IP), but mobile iOS and macOS Mojave or less had problems with Meraki DNS but work well with the Meraki public IP. 🙂