MX84 Client VPN - some users cannot connect

Monkey
Conversationalist

MX84 Client VPN - some users cannot connect

I have just recently set up an MX84 device to use Client VPN for 50 users. I can't seem to get two of my users to connect. I was wondering if anyone had any similar issues and if they were able to resolve. We use RADIUS authentication.

 

Steps Taken

I gave them all a PowerShell script that auto configured the VPN according to the Client VPN OS Configuration. So everyone has the same setup. 

 

I also followed every step in Troubleshooting Client VPN - still no luck. Disabled IPV6 on all tunnel interfaces as well. Set the VPN to a private network and even put users into a DMZ on their firewalls to allow all traffic.

 

User 1

ISP: Frontier

Hardware: ARRIS NVG589

 

"The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

 

L2TP Traffic never makes it to the MX device, but the user can ping the MX outside IP.

 

User 2

ISP: Charter communications

Hardware: TP-Link Archer

"A connection to the remote computer could not be established. You might need to change the network settings for this connection"

 

L2TP Traffic makes it to the MX device but doesn't seem to return to the client 

 

 

Any ideas on how to further troubleshoot or resolve?

5 Replies 5
BlakeRichardson
Kind of a big deal
Kind of a big deal

Looking at your description I would check both of the users firewalls outgoing firewall rules. They both look like consumer grade routers so it might be worth checking if they have a VPN passthru option on them. 

 

Good luck

PhilipDAth
Kind of a big deal
Kind of a big deal

If they connect via a different Internet connection (say 3G) do they have the same issue?

WadeAlsup
A model citizen

Hi @Monkey

 

Have you had them power cycle their modems/routers? Might sound crazy, but I've seen it a handful of times where the traffic wasn't passing through their edge devices correctly until a reboot. 


Found this helpful? Give me some Kudos! (click on the little up-arrow below) and If my reply solved your issue, please mark it as a solution 🙂
Monkey
Conversationalist

Thanks for the replies, unfortunately, I still can't get user 2 working
User 1 

Fixed by reinstalling MIMO drivers

 

User 2

Still having issues, windows error 809. I checked the outgoing firewall rules, and even creating a rule allowing all traffic to my IP address. Also forwarded UDP ports 50, 500, 4500, and 1701 to the computer in the NAT table. Packet captured and found no dropped traffic. I am having them replace their firewall to see if that helps. I think there's something funny going on with the NAT traversal. 

 

BlakeRichardson
Kind of a big deal
Kind of a big deal

@Monkey I have seen issues with cheap routers using NAT. Has the IP range the rotuer is using been changed from the factory default? 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels