MX64 Client VPN Issues with Apple MacBook Pro

LevineLM
Comes here often

MX64 Client VPN Issues with Apple MacBook Pro

Hi I am trying to set-up a client VPN with a MacBook Pro onto a MX64 via a BTHub5.

i have set-up all the port forwarding on the BThub and point all ports to the MX internal address. I have followed to the letter the set-up path for the MacBook Pro as per the Meraki documentation and I am using Meraki client authentication. (Email add, password and share secret on Vpn). I have tried to access the VPN via its internal address and via the BThub external WAN with the same issue each time. I am now stuck and am looking for ideas or something I have possibly missed. See event log below for VPN attempts, 1 for the internal address and 1 for the external address.

i have already successfully set-up iPads and iPhones with no issue at all. I just have issues with Apple MacBooks.

msg: failed to begin ipsec sa negotiation.
Sep 18 12:21:03 Non-Meraki / Client VPN negotiation msg: no configuration found for 86.191.xx.xx.
Sep 18 12:20:59 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 192.168.1.217[4500]->86.191.xx.xx[4500] spi=40049726(0x2631c3e)
Sep 18 12:20:59 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 192.168.1.217[4500]->86.191.xx.xx[4500] spi=163530292(0x9bf4634)
Sep 18 12:20:59 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established 192.168.1.217[4500]-86.191.xx.xx[4500] spi:5f881b6ac9b29c95:3f46f2f8976fb3bc

Sep 18 12:15:46 Non-Meraki / Client VPN negotiation msg: failed to begin ipsec sa negotiation.
Sep 18 12:15:46 Non-Meraki / Client VPN negotiation msg: no configuration found for 192.168.1.92.
Sep 18 12:15:45 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 192.168.1.217[500]->192.168.1.92[500] spi=104847295(0x63fd7bf)
Sep 18 12:15:45 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 192.168.1.217[500]->192.168.1.92[500] spi=256669008(0xf4c7550)
Sep 18 12:15:44 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established 192.168.1.217[500]-192.168.1.92[500] spi:8f47e03befaf414a:96419f26ba450f5a

Sent from my iPad

2 REPLIES 2
BrandonS
Kind of a big deal

Are you testing from outside your network?  I wonder if the reason the iPads and iPhones worked is that you were able to test with cellular data and your MacBook is on the internal network?

- Ex community all-star (⌐⊙_⊙)

IPads and iPhones are using any location Wifi and the iPhone's may use 3/4g. Both iPads and IPhones can connect at location of MX on local wifi or external Wi-fi from another location. I know the client Vpn set-up for these types of devices are correct but the first MacBook we set-up fails to connect on local Wifi or external for remote working. We have the standard ports forward from the BTHub5 (ports 500, 1701, 1723 & 4500) to the Lan address of the MX and as per the event log above we can see the handshakes but it fails to connect as it implies no config.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels