Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX64 as a VPN server only

BGFernandes
Comes here often
‎Mar 24 2021 9:36 AM
‎Mar 24 2021 9:36 AM

MX64 as a VPN server only

I have an MX64 that I don't want to use as an internet router/connection but I would like to use it as a VPN server behind a Linksys MR8300. The Mr8300 only supports passthrough not VPN server capable. Can this be done and if so some instruction would be greatly appreciated.

 

Thanks

0 Kudos
11 Replies 11
BrandonS
Kind of a big deal
‎Mar 24 2021 9:41 AM
‎Mar 24 2021 9:41 AM

I think you can port forward UDP/500 and UDP/4500 to the WAN IP of your MX64 and it may work.

 

 

- Ex community all-star (⌐⊙_⊙)
In response to BrandonS
MarcP
Kind of a big deal
‎Mar 24 2021 11:38 AM
‎Mar 24 2021 11:38 AM

As @BrandonS said this should work, yes.

0 Kudos
In response to BrandonS
BGFernandes
Comes here often
‎Mar 24 2021 11:50 AM
‎Mar 24 2021 11:50 AM

Not working.  I am missing something I'm sure.  The MX is now connected from the linksys builtin switch going to the MX internet port.  What am I missing here?  Thanks

0 Kudos
In response to BGFernandes
ww
Kind of a big deal
Kind of a big deal
‎Mar 24 2021 11:57 AM
‎Mar 24 2021 11:57 AM

Did you make the forwarding rules on the linksys to the mx ip?

0 Kudos
In response to ww
BGFernandes
Comes here often
‎Mar 24 2021 12:02 PM
‎Mar 24 2021 12:02 PM

Yes I took care of that.  How do I stop the MX from picking up the Public IP now which shows in the summary on the appliance status.

0 Kudos
In response to BGFernandes
ww
Kind of a big deal
Kind of a big deal
‎Mar 24 2021 12:20 PM
‎Mar 24 2021 12:20 PM

That is just the ip meraki see from the cloud, and the ip you use to connect the vpn session to. The ip the mx has is under the uplink section.

 You see any vpn logging in the event log? 

0 Kudos
In response to ww
BGFernandes
Comes here often
‎Mar 24 2021 12:25 PM
‎Mar 24 2021 12:25 PM

I have some events to analyze.  I will do that and post you back.  Thanks 

0 Kudos
In response to ww
BGFernandes
Comes here often
‎Mar 24 2021 12:42 PM
‎Mar 24 2021 12:42 PM

This is what the log shows.....

 

msg: ISAKMP-SA established XXX.XXX.XXX.XXX[4500]-6.1.0.1[4500] spi:3cb7ed9bf940c327:50f9aab696cb1a33
Mar 24 15:38:59 Non-Meraki / Client VPN negotiationmsg: invalid DH group 19.
Mar 24 15:38:59 Non-Meraki / Client VPN negotiationmsg: invalid DH group 20.
0 Kudos
In response to BGFernandes
BrandonS
Kind of a big deal
‎Mar 24 2021 12:49 PM
‎Mar 24 2021 12:49 PM

Have you had this working previously without the Linksys or is this the first time setting up client VPN?  Did you follow Client VPN configuration for your client from here? https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

 

There is also a nice doc about troubleshooting client VPN you may go through (if you did not already): https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN

 

 

 

 

- Ex community all-star (⌐⊙_⊙)
0 Kudos
In response to BrandonS
BGFernandes
Comes here often
‎Mar 24 2021 1:04 PM
‎Mar 24 2021 1:04 PM

Was working like a champ before I put in the link sys in

0 Kudos
In response to BGFernandes
BrandonS
Kind of a big deal
‎Mar 24 2021 1:11 PM
‎Mar 24 2021 1:11 PM

Try this: https://aerovisionit.co.uk/pptp-and-l2tp-port-forwarding/ It is also mentioned in the troubleshooting link I shared above.  The only part I think is wrong (or at least I disagree) is needing to port forward UDP/1701.  UDP/1701 is used, but outbound only and should not be opened for unsolicited inbound connections.  

 

The reason I think you need that is because now your L2TP server is behind NAT.

- Ex community all-star (⌐⊙_⊙)
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.