Hi,
I'm fairly new to Meraki, I inherited a preconfigured network and there's little to no documentation about what was done.
Long story short, now that everyone is working from home, I noticed that only one VPN client is allowed per public IP, meaning that employees who share an internet connection can't use the VPN at the same time. After the first client connects, the second one will get error 809 and the troubleshooting steps don't fix the issue; only disconnecting the first machine will allow the second to connect.
I've been searching through the configuration and documentation but haven't found a restriction of this kind.
Has anyone else had the same issue?
Try adding the AssumeUDPEncapsulationContextOnSendRule registry key.
https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809
Already tried the registry key but that didn't work. Btw, this happens to everyone; I even did a test at home and got the same result: computer 1 connects, computer 2 doesn't.
Assuming it's a NAT issue on the ISP's side, that will turn into a nightmare, I know of at least 2 pairs of users that don't have control over their ISP's modem.
I'll try working with a user that has a regular setup first and see if something can be done.
Thanks!
You may find upgrading the firmware on the user's ISP router also resolves it (it is a NAT issue).
You could try a newer firmware version of the MX in desperation.
Haha I'm past the desperation point but I don't want to break anything else... yet.
I wanted to make sure if it could be an issue with the current configuration / device or if it was just normal behavior.
I'll post my results after talking to the ISP.
Does the soft client work differently than, say, a Z3? I have never had issues with multiple Z3/MX at home for testing behind a single NAT router. But I have never tested the soft client.
They use completely different mechanisms.
@Abe13 Are the client devices using Windows native VPN client or other 3rd party software?
Have you opened a support case about this?
They're using the native VPN client; we couldn't get other clients to work with Meraki.
Btw, I found the solution. I checked the firmware as suggested yesterday and it was already running the Beta version, but it wouldn't allow me to roll back to the latest stable version (something about the Beta being installed for too long).
I noticed that scheduling a firmware downgrade was allowed, so I gave it a shot. The firmware downgraded successfully and now the VPN is working almost as expected.
I'm still having issues with AD authentication but at least Meraki's built-in authentication method works.