Hi,
We've set up a VPN for a client and it uses local credentials. The client decided to have AD authentication and use their AD accounts for VPN access. So on the Meraki it's set to "Active Directory" but every time our VPN client connects it shows us 691: error. Though I'm pretty sure the username and password are correct. Below are the settings for the VPN client:
L2TP/IPsec with pre-shared key
I checked unencrypted password (PAP) under authentication
Did I miss something which is causing this issue?
Thanks
Jeff
Hi Jeff
Hope you have installed a certificate for TLS on your AD server.
Kindly refer to the following URL.
https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_691
I did go to mmc > add a certificate
Anything I missed here?
Thanks
TECH-JEFF
Is there a specific reason you chose the Active Directory option rather than using RADIUS via NPS? No certificate shenanigans to worry about with RADIUS via NPS.
RADIUS via NPS uses the customer's Active Directory accounts. I've used this with a couple dozen clients now.
https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN