Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX68 - VPN Client Not working

aantunes
Conversationalist
‎Mar 2 2020 1:02 PM
‎Mar 2 2020 1:02 PM

MX68 - VPN Client Not working

Hi, I have recently setup a MX68 on a small office, the office gains internet connection via the Building internet provider.

I have requested for a static IP address (they advised that is unfiltered so all ports are open)
VLAN 1 has a 10.*.*.* range

While when configuring the client VPN I have used

192.168.*.* subnet
DNS - Google public
No Win servers

Basic Secret key for testing purposes as I saw in some posts here that should not use complicated keys
Authentication Meraki Cloud

Tried using my Gmail account, gave myself access(authorised) got the email, setup everything as seens in several posts.
including:
L2TP/IPsec, using PAP

aantunes_0-1583182434841.png
IKE and IPSEC Automatic (running)

aantunes_1-1583182496413.png

Also done the Regedit...

For Windows Vista, 7, 8, 10, and 2008 Server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent 

RegValue: AssumeUDPEncapsulationContextOnSendRule

Type: DWORD

Value data: 2
Base: Decimal

Event Viewer Error ;

aantunes_1-1583183952198.png


Also Public IP is the Same as the WAN1 IP so not being Natted....


Can someone advised if they had any issues like this out of the box? 


 

 

0 Kudos
Subscribe
3 Replies 3
jdsilva
Kind of a big deal
‎Mar 2 2020 2:43 PM
‎Mar 2 2020 2:43 PM

Start here:

 

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_789

 

After that, I'd check out the scripts  in @Nash 's signature for configuring your clients.

http://blog.brokennetwork.ca | @jdsilva
Subscribe
Nash
Kind of a big deal
‎Mar 2 2020 2:53 PM
‎Mar 2 2020 2:53 PM

Make sure you're not trying to connect from inside the firewall, as well. Sometimes Windows will throw 789 when you're trying to connect because oops, you're already on the network!

For testing in the office, I recommend a hotspot that's for sure not on your wireless network. If a cell phone, disable wireless on it briefly while you test.
Windows 10 Client VPN scripts: Makes life better!
Subscribe
DensyoV
Meraki Employee
Meraki Employee
‎Mar 2 2020 3:37 PM
‎Mar 2 2020 3:37 PM

Hi,

Change the data encryption to use "Require encryption (disconnect if the server declines)" on the security tab of the VPN connection properties.

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10

If you are still having an issue, I would recommend taking packet capture on the WAN interface of the MX to verify if your traffic is actually coming through.

hope this helps!
Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.