MX Client VPN

Martin-cantwell
Here to help

MX Client VPN

During a recent deployment, I encountered a connectivity issue when enabling the Client VPN. In Setup 1, there was a Modem in front of the MX acting as a VDSL terminator in bridge mode. Initially, I suspected this configuration to be the root cause of the problem. The client attempting to connect to the VPN would consistently experience server timeouts. To investigate further, I checked the MX logs but found no helpful information.

 

Curiously, I encountered a similar issue when setting up a Client VPN at site 2, where the WAN was terminated directly at the MX. However, when I decided to change the secret password, the client was able to establish a successful connection instantly. Encouraged by this result, I revisited site 1 and also changed the secret password. To my satisfaction, the client was now able to connect successfully.

2 Replies 2
PhilipDAth
Kind of a big deal
Kind of a big deal

When the MX is behind a device doing NAT you have to add an extra registry entry to the client.  I don't recall exactly what it is, but this client VPN wizard creates a powershell that includes that change:
https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

Make sure you are port forwarding udp/500, udp/4500 and udp/1701.

Martin-cantwell
Here to help

The Modem isn't nat'ting it's in bridge mode and doesn't require any port forwards. In this context its acts as a media converter, converting the VDSL to ethernet. 

 

Yes you would be correct if the configuration was using routing mode, Port forwards would be required 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels