Hello
I work in a company, and we deployed the following:
SD-WAN - MX67
Switch - MS120
AP - MR44
I configured the Client VPN from the dashboard and created a user to connect with.
I copied the Shared Secret to the Pre-Shared Key in my client (Win10)
I made Sure to input the password we created for the user in the PreShared Key section (under advanced)
When I click connect, it`s just hanging and keeps showing me the "connecting".. nothing happens, no popup to type user & pass nothing.
I noticed, that when I ping the Hostname externally, I don't have reply, should I do something?
What am I doing wrong?
What do you see in the mx logging?
Do you have a public ip on the mx uplink? Or is the mx behind a nat isp router
I dont see a thing in the event log (Organization --> Login Attempts) - am I looking in the correct place?
Yes, I have a fixed IP address on the MX Uplink - it`s not behind NAT
https://documentation.meraki.com/General_Administration/Cross-Platform_Content/Meraki_Event_Log
For mx to respond to external ping you have put in the ip or any
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Denying_Inbound_ICMP_on_the_MX
Checked the Event log in Meraki, as you said, but nothing showing about VPN connectivity...
what else can cause it do you think?
I can see in Windows event log, the "Work VPN requires attention." but no popup to input anything...
Nothing showing up suggests the pre-shared key doesn't match between Windows and Meraki. try a simple pre-shared key.
I read that I need to ensure UDP ports 500 (IKE) and 4500 (IPsec NAT-T) are being forwarded to the MX and not blocked.
Is it needed? What shall I configure on the MX firewall?
https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Windows_Error_789
For 500 and 4500 you dont need to set anything on the mx. That is only if your provider/nat router/fw not allow this traffic to your mx interface ip.
If you dont see anything in the event log i would double check your provider is not running nat
Does this show a public or private ip
https://documentation.meraki.com/MX/Other_Topics/Static_IP_Assignment
Indeed, no NAT
It`s getting an IP lease from the ISP
So weird I don't see a thing in the Event Log
That same ip is on the uplink tab?
https://documentation.meraki.com/MX/Other_Topics/Static_IP_Assignment
You are testing the client vpn from another location? Not from a client on the mx lan side
Indeed, the same IP on the Uplink
And yes, checking it from my home to the office where the MX resides
Those are the errors I see in Windows event viewer
First tip - use rasphone.exe to start the VPN connection, as it displays more detailed errors.
The second tip - try a simple password first. Windows does not support all complex passwords.
Failing that, use this wizard to create a powershell script to configure the client VPN on the computer.
https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html