Has anyone seen this Windows Event Viewer Error Code 718? I'm trying to set up a client VPN to one of our sites but get this error. It tries to connect and I get a login prompt but fails with "The connection was terminated because the remote computer did not respond in a timely manner." The same logs repeat every try too. I've deleted and rebuilt the VPN connection many times. I'd appreciate any help because 718 is not on the help page https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN. Thanks!
Feb 5 13:08:16 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA deleted IPx.x.x.118[4500]-x.x.x.146[4500] spi:5fada4c87aee2278:cd839c4b4a14cd46 | |
Feb 5 13:08:16 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA expired IPx.x.x.118[4500]-x.x.x.188.146[4500] spi:5fada4c87aee2278:cd839c4b4a14cd46 | |
Feb 5 13:08:16 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=691213782. | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport x.x.x.118[4500]->x.x.x.146[4500] spi=691213782(0x293315d6) | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport x.x.x.118[4500]->x.x.x.146[4500] spi=173791877(0xa5bda85) | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA established x.x.x.118[4500]-x.x.x.146[4500] spi:5fada4c87aee2278:cd839c4b4a14cd46 | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: invalid DH group 19. | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: invalid DH group 20. |
The remote site seems to be sitting behind another device doing NAT. Can you get rid of that so the public IP is directly on the remote MX itself?
Failing that, make sure UDP/500 and UDP/4500 are NATed through to the remote MX.
Failing that, see if there is a firmware upgrade for the device sitting in front of the remote MX.
The Public IP is directly connected to the MX84 and I'm testing from a Commercial Comcast circuit. The firmware says it's up to date:
I'm going to look more into the UDP ports 500 and 4500. Thanks for the feedback!
Do you have the same problem when the client connects from a different Internet connection - such as a 4G connection?
>The Public IP is directly connected to the MX84 and I'm testing from a Commercial Comcast circuit.
To be clear, the MX84 uplink tab reports a public IP address on its WAN interface (not a private IP NATed to a public IP)?
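An added example, not posted by anyone in this thread: a small parser for event log lines in the format pasted in the first post. It pairs each ISAKMP-SA's established and deleted/expired entries by SPI and reports how long the SA lived and how many IPsec-SAs came up in between. The sample lines, addresses and SPIs are constructed, and the year is an assumption because the log omits it.

```python
import re
from datetime import datetime

# Constructed sample in the thread's event log format (newest entry first).
SAMPLE = """\
Feb 5 13:08:16 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA deleted 192.0.2.10[4500]-198.51.100.20[4500] spi:1111111111111111:2222222222222222 | |
Feb 5 13:08:16 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA expired 192.0.2.10[4500]-198.51.100.20[4500] spi:1111111111111111:2222222222222222 | |
Feb 5 13:08:16 | Non-Meraki / Client VPN negotiation | msg: purged IPsec-SA proto_id=ESP spi=1000. | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: IPsec-SA established: ESP/Transport 192.0.2.10[4500]->198.51.100.20[4500] spi=1000(0x3e8) | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: ISAKMP-SA established 192.0.2.10[4500]-198.51.100.20[4500] spi:1111111111111111:2222222222222222 | |
Feb 5 13:07:36 | Non-Meraki / Client VPN negotiation | msg: invalid DH group 19. | |
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \| [^|]* \| msg: (.*?)[\s|]*$")
ISAKMP = re.compile(r"ISAKMP-SA (established|deleted|expired) .*spi:([0-9a-f]+:[0-9a-f]+)")

def parse(text, year=2000):
    """Return [(timestamp, message)] in file order; `year` is assumed, the log has none."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    return events

def summarize(text):
    """Pair ISAKMP-SA established/teardown entries by SPI and measure each SA's lifetime."""
    # The log is newest first: reverse it, then stable-sort so entries that
    # share a second stay in chronological order.
    events = sorted(reversed(parse(text)), key=lambda e: e[0])
    phase2 = [ts for ts, msg in events if msg.startswith("IPsec-SA established")]
    up, sessions = {}, []
    for ts, msg in events:
        m = ISAKMP.search(msg)
        if not m:
            continue
        state, spi = m.groups()
        if state == "established":
            up[spi] = ts
        elif spi in up:  # first deleted/expired entry closes the SA; repeats are ignored
            start = up.pop(spi)
            sessions.append({
                "spi": spi,
                "seconds": int((ts - start).total_seconds()),
                "ipsec_sa": sum(start <= t <= ts for t in phase2),
            })
    return sessions

if __name__ == "__main__":
    for s in summarize(SAMPLE):
        print(s)
```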