MX Client VPN

Martin-cantwell

During a recent deployment, I encountered a connectivity issue when enabling the Client VPN. In Setup 1, there was a modem in front of the MX acting as a VDSL terminator in bridge mode. Initially, I suspected this configuration to be the root cause of the problem. The client attempting to connect to the VPN would consistently experience server timeouts. To investigate further, I checked the MX logs but found no helpful information.

Curiously, I encountered a similar issue when setting up a Client VPN at site 2, where the WAN was terminated directly at the MX. However, when I decided to change the secret password, the client was able to establish a successful connection instantly. Encouraged by this result, I revisited site 1 and also changed the secret password. To my satisfaction, the client was now able to connect successfully.

PhilipDAth

When the MX is behind a device doing NAT, you have to add an extra registry entry to the client. I don't recall exactly what it is, but this client VPN wizard creates a PowerShell script that includes that change:
https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

Make sure you are port forwarding udp/500, udp/4500 and udp/1701.

The modem isn't NATing; it's in bridge mode and doesn't require any port forwards. In this context it acts as a media converter, converting the VDSL to Ethernet.

Yes, you would be correct if the configuration was using routing mode; port forwards would be required.
