Dear community,
we are currently changing the network infrastructure at a customer location. One of the first steps was to put the existing Meraki MX 80 behind a new pfSense firewall. Everything is working fine except connecting from outside Windows machines to the Meraki IPsec VPN gate. Macs running on the same network as the Windows machines connected within 2-3 seconds; iPhones, Androids, no problems; only the Windows 7, 8, 10 boxes report that the VPN server does not respond. On the other hand, ping from the Windows box to the Meraki does work. The Meraki dashboard also shows no existing problems.
The public fixed IP previously assigned to the Meraki is now configured on the firewall. There are NAT entries for the ports tcp/udp 500 and 4500 to be sent to the Meraki and a 1:1 outbound NAT so that everything coming from the Meraki will be sent through its old public IP.
It looks like I am missing the point but I could not find the right clue. Maybe someone on the board can send me in the right direction.
Best regards,
Mike Bobkiewicz
@MiBob You may need to make the registry change found here: https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t...
This help document seems to be for Windows Vista / W2K8 L2TP servers. None of these systems are involved and the Meraki is the VPN server.
Best regards,
Mike
@MiBob It still applies. See here: https://justworks.ca/blog/what-happened-to-my-vpns-on-windows-72008r2
Thank you very much for the clarification! I will give it a try tomorrow afternoon and report back if it works.
Best regards,
Mike
Thank you so much! Works on my clean Win 10 Pro box. I will roll it out to my clients so they can check it on their older systems. If I run into some other problems I will come back; until then, consider the problem solved.
Best regards,
Mike
Is there any chance that pfSense has some kind of VPN support on it (such as IPSec/PPTP, etc) and Windows is attempting some other kind of VPN before L2TP and getting a response from pfSense which is causing the issue? I would try and make sure all types of VPN are disabled on pfSense.
No, there are no additional VPN services configured and running on the pfSense. All VPN accounts are handled by the Meraki cloud.
Best regards,
Mike