Meraki VPN with AD authentication

TECH-JEFF
Here to help

Meraki VPN with AD authentication

Hi,

 

We've setup a vpn for a client and it uses local credentials. The client decided to have AD authentication and use their AD accounts for VPN access. So on the Meraki it's set to "Active Directory" but every time our vpn client connects it shows us 691: error. Though I'm pretty sure username and password are correct. Below are the settings for the vpn client

 

L2TP/ipsec with pre-shared key

I checked unencrypted password (PAP) under authentication

 

Did I miss something which is causing this issue?

 

Thanks

Jeff

 

 

5 REPLIES 5
AjitKumar
Head in the Cloud

Hi Jeff

Hope you have installed certificate for TLS on your AD server.

 

Kindly refer to the following Url.

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_691

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network

I did go to mmc > add a certificate

 

Anything I missed here?

 

Thanks

TECH-JEFF

Nash
Kind of a big deal

Is there a specific reason you chose the ActiveDirectory option rather than using RADIUS via NPS? No certificate shenanigans to worry about with RADIUS via NPS. 

@Nash

 

It's a customer preference to use their AD accounts. 

 

TECH-JEFF

Nash
Kind of a big deal

RADIUS via NPS uses the customer's Active Directory accounts. I've used this with a couple dozen clients now.

 

https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels