Newbie Meraki questions

tantony
Head in the Cloud

Newbie Meraki questions

Hello,

 

I have a couple of questions.

 

I have Client VPN setup on the MX68.  For now, I'm using the Meraki cloud authentication for VPN.  I have the MX68 directly connected to a Cisco router and to a Juniper SRX. 

 

I'm testing the Meraki, so I'm the only one on the Meraki network (172.17.0.1) now.  I'm able to ping the Cisco network (172.16.0.1), and the Juniper network (172.16.64.1).  When I connect to the Meraki VPN, I can only ping the Meraki network, why is that?

 

Second question, I want to use Acitve Directory authentication for the VPN.  I followed this guide and I have the AD connected to the MX now.  For some reason, when I use AD authentication for VPN, It says the username or password is wrong.  I called MX support, and we tried a bunch of variations, but nothing works.  MX support said they can see directional traffic on their side, which means MX and AD are communicating.  They want me to check my AD logs to see why the authentication fails.  Any ideas?

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Active_Directory_Integra...

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration

 

Thanks,

 

Tony

5 Replies 5
PhilipDAth
Kind of a big deal
Kind of a big deal

Check the device that is the default gateway for the 172.16.64.1 network, and make sure that device has a route for the client VPN range via the MX.

The default gateway for the 172.16.64.1network is the Cisco router. I already have a static route on it to point to the MX on 192.168.10.x

 

My client VPN ip range is on 192.168.50.x, I’ll add that. 

tantony
Head in the Cloud

Please help me understand, I’m new to VPN

 

Why do I need a route to be added to Cisco router for MX VPN range if I already have a route on Cisco to the MX network?

 

Secondly, I know people have issues with Windows VPN client, so I’m not even sure if the reason why I can’t use AD authentication is a Windows issue. 

PhilipDAth
Kind of a big deal
Kind of a big deal

>Why do I need a route to be added to Cisco router for MX VPN range if I already have a route on Cisco to the MX network?

 

If you have a default route then that is all that is needed.  You haven't said what routing you have in place.  At a minimum, their needs to existing a routable path for the client VPN subnet (which could be the default route).

 

 

I'm not sure why your AD authentication is not working.  Another person here recently had an issue with AD authentication as well.  I'm wondering if there is some general issue.

As far as I know, it’s both a Windows and Meraki issue. 

 

Its a Windows issue because Windows settings goes back to default VPN Client settings even if you save it. 

 

Its a Meraki issue because Meraki won’t support AnyConnect. 

 

I’m on a trial MX from Meraki, but if I can’t get the VPN to work, I have to look at other firewalls. I’ve been back and forth between MX support, but they can’t figure it out.  

 

I know I can use MX with Cisco router so I can use AnyConnect, but this defeats the purpose. 

Get notified when there are additional replies to this discussion.