Meraki

Community

Unable to connect Client VPN

Solved
Mad_Dog_82
Here to help
‎Mar 22 2024 3:19 AM
‎Mar 22 2024 3:19 AM

Unable to connect Client VPN

Hi All,

 

Cisco Meraki Model MX65.

I try to connect VPN from iPhone and Windows 11.

On both devices I get:

 

vpn error.jpg

 

IMG_0064.jpeg

 

Below is the configuration on Windows 11 laptop.

 

w11 vpnsettings.jpg

 

Compared VPN client configuration on Meraki with another device.

VPN account details are correct.

Pre-shared key is correct.

 

Could you please help to investigate why VPN doesn't connect.

Labels:
0 Kudos
1 Accepted Solution
In response to Mad_Dog_82
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 23 2024 4:28 AM
‎Mar 23 2024 4:28 AM

So the server IP is wrong or this MX is behind a NAT.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

8 Replies 8
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 22 2024 3:31 AM
‎Mar 22 2024 3:31 AM

Check the connection properties.

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows

 

alemabrahao_0-1711103479979.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 22 2024 3:36 AM
‎Mar 22 2024 3:36 AM

You can also check this.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Mad_Dog_82
Here to help
‎Mar 22 2024 8:26 PM
‎Mar 22 2024 8:26 PM

Hi @alemabrahao 

I tried VPN Connection Properties as on your screenshot but still the same error.

As I mentioned in the first post there is another Meraki router with identical VPN configuration and Client VPN works like a charm on that router.

Could it be related to the device or Meraki OS being faulty or Client VPN license is absent.

May be some firewall rules should be added?

 

P.S. I tested Client VPN on another Meraki (same MX65 model) that belongs to the same organization just branch office and was able to connect VPN.

0 Kudos
In response to Mad_Dog_82
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 23 2024 4:28 AM
‎Mar 23 2024 4:28 AM

So the server IP is wrong or this MX is behind a NAT.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Mad_Dog_82
Here to help
‎Mar 23 2024 12:32 PM
‎Mar 23 2024 12:32 PM

Hi @alemabrahao 

I think you may be right.

This looks like the Meraki device behind a provider's router.

 

Screenshot 2024-03-24 062612.png

 

In this case can I use dynamic hostname instead or it wouldn't work either?

0 Kudos
In response to Mad_Dog_82
Amin_Costa
Conversationalist
‎Mar 24 2024 5:16 AM
‎Mar 24 2024 5:16 AM

Hi @Mad_Dog_82,

 

I would suggest that your request the provider to configure a port forward on his router to your device using the ports 500 and 4500.

 

There's another solution that you may use, the Cisco Anyconnect that may be more simple to configure.

 

Hope that helps.

0 Kudos
Shubh3738
Building a reputation
‎Mar 23 2024 1:14 AM
‎Mar 23 2024 1:14 AM

Server address missing

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 23 2024 3:44 PM
‎Mar 23 2024 3:44 PM

If your MX is sitting behind a NATed connection, you'll need an extra registry entry to allow the VPN to work.  I have a VPN config wizard which creates a powershell script.  Run that to configure client VPN on any Windows machines machine you want.  They should make it work.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

 

The iPhone - if it is using a carrier doing CGNAT it may never work.

 

 

If you want a solution that will work 99.999% of the time, but a licence for Cisco Secure Client (used to be called AnyConnect), and use that instead.

ps. AnyConnect licences are "honesty" based so you can try it out first to verify that it will work.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.