Meraki

MiBob · ‎Oct 17 2017

Dear community,

we are currently changing the network infrastructure at a customer location. One of the first steps was to put the existing Meraki MX 80 behind a new pfSense firewall. Everything is working fine except connecting from outside windows machines to the Merkai IPsec vpn gate. Macs running on the same network as the windows machines did connect within 2-3 seconds, iPhones, Androids, no problems, just the windows 7, 8, 10 boxes telling that the vpn server does not respond. On the other hand, ping from the windows box to the Meraki does work. Meraki dashboard also shows no existing problems.

The public fixed ip previously assigned to the Merkai is now configured on the firewall. There are NAT entries for the ports tcp/udp 500 und 4500 to be send to the Merkai and an 1:1 outbound nating that everything comming from the Meraki will be send through its old public ip.

It looks like I am missing the point but I could not find the right clue. May be someone on the board can send me in the right direction.

Best regards,

Mike Bobkiewicz

MRCUR · ‎Oct 17 2017

@MiBob It still applies. See here: https://justworks.ca/blog/what-happened-to-my-vpns-on-windows-72008r2

MRCUR | CMNO #12

View solution in original post

Adam · ‎Oct 17 2017

If the Mac, Android and iPhones connect to the VPN properly but the Windows machines don't I'd start by verifying the client VPN configuration on the Windows machines. Seems possible that a common element needs to be corrected on those.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.

MiBob · ‎Oct 17 2017

That is the thing that puzzles me: before the Meraki was set behind the firewall the same windows clients could connect to the box. After the problem popped up I did a clean install of a Win 10 Pro at a remote location and followed the Meraki documentation step by step to configure the l2tp connection. Does not work, iPhone on the wlan of that location just logged in.

MRCUR · ‎Oct 17 2017

@MiBob You may need to make the registry change found here: https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t...

MRCUR | CMNO #12

MiBob · ‎Oct 17 2017

This help document seems to be for windows vista / w2k8 l2tp servers. Non of these systems are involved and the Meraki is the vpn server.

Best regards,

Mike

MRCUR · ‎Oct 17 2017

@MiBob It still applies. See here: https://justworks.ca/blog/what-happened-to-my-vpns-on-windows-72008r2

MRCUR | CMNO #12

MiBob · ‎Oct 17 2017

Thank you very much for the clarification! I will give it a try tomorrow afternoon and report back if it works.

Best regards,

Mike

MiBob · ‎Oct 18 2017

Thank you so much! Works on my clean Win 10 Pro box. I will roll it out to my clients so they can check it on their older systems. When I run into some other problems I will come back, till then assume the problem as solved.

Best regards,

Mike

PhilipDAth · ‎Oct 17 2017

Is there any chance that pfSense has some kind of VPN support on it (such as IPSec/PPTP, etc) and Windows is attempting some other kind of VPN before L2TP and getting a response from pfSense which is causing the issue? I would try and make sure all types of VPN are disabled on pfSense.

MiBob · ‎Oct 18 2017

No there are no additional vpn services on the pfSense configured and running. All vpn accounts are handled by the Meraki cloud.

Best regards,

Mike

Meraki

Community

Meraki MX 80 behind Firewall: No vpn for Windows Clients

Meraki MX 80 behind Firewall: No vpn for Windows Clients