MX100 Android Clients can't connect to VPN.

Ted-Laun
Comes here often

MX100 Android Clients can't connect to VPN.

Windows clients have been connecting in our environment for years and continued when we upgraded to the MX100 3 months ago. I now have the need to connect mobile clients. iPhone and iPads connect with no problem. I have now tried 3 Androids and have yet to connect. Client config couldn't be more basic. You just need Hostname and shared-key. 

 

Mar 22 16:33:05 Non-Meraki / Client VPN negotiationmsg: IPsec-SA expired: ESP/Transport "removed IP on client side"[4500]->1"removed IP on server side"[4500] spi=149273251(0x8e5baa3)
Mar 22 16:32:49 Non-Meraki / Client VPN negotiationmsg: unknown Informational exchange received.
3 REPLIES 3
ww
Kind of a big deal
Kind of a big deal

I dont have a mx100 but i use the vpn with android using this settings. You sure you selected the correct settings?

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Android

Ted-Laun
Comes here often

YES

Ted-Laun
Comes here often

I think I might have found the issue and it isn't pretty. 

 

Encryption Method
Client VPN uses the L2TP/IP protocol, with 3DES and SHA1 respectively as the encryption and hashing algorithms. As a best practice, the shared secret should not contain any special characters at the beginning or end.
 
 
from
 
My Shared Secret has a special character as described and  was chosen by a Cisco certified partner 4 years ago. I will test this after hours soon . If this is the issue this means we have to touch every device with a VPN client unless someone knows another way. 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels