MX100 Android Clients can't connect to VPN.

Ted-Laun
Comes here often

MX100 Android Clients can't connect to VPN.

Windows clients have been connecting in our environment for years and continued when we upgraded to the MX100 3 months ago. I now have the need to connect mobile clients. iPhone and iPads connect with no problem. I have now tried 3 Androids and have yet to connect. Client config couldn't be more basic. You just need Hostname and shared-key. 

 

Mar 22 16:33:05 Non-Meraki / Client VPN negotiationmsg: IPsec-SA expired: ESP/Transport "removed IP on client side"[4500]->1"removed IP on server side"[4500] spi=149273251(0x8e5baa3)
Mar 22 16:32:49 Non-Meraki / Client VPN negotiationmsg: unknown Informational exchange received.
3 REPLIES 3
ww
Kind of a big deal
Kind of a big deal

Re: MX100 Android Clients can't connect to VPN.

I dont have a mx100 but i use the vpn with android using this settings. You sure you selected the correct settings?

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Android

Ted-Laun
Comes here often

Re: MX100 Android Clients can't connect to VPN.

YES

Ted-Laun
Comes here often

Re: MX100 Android Clients can't connect to VPN.

I think I might have found the issue and it isn't pretty. 

 

Encryption Method
Client VPN uses the L2TP/IP protocol, with 3DES and SHA1 respectively as the encryption and hashing algorithms. As a best practice, the shared secret should not contain any special characters at the beginning or end.
 
 
from
 
My Shared Secret has a special character as described and  was chosen by a Cisco certified partner 4 years ago. I will test this after hours soon . If this is the issue this means we have to touch every device with a VPN client unless someone knows another way. 

 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.