Unable to connect to Meraki Client VPN

Roey1984

Hello

I work in a company, and we deployed the following:

SD-WAN - MX67

Switch - MS120

AP - MR44

I configured the Client VPN from the dashboard and created a user to connect with.

I copied the Shared Secret to the Pre-Shared Key in my client (Win10).

I made sure to input the password we created for the user in the Pre-Shared Key section (under Advanced).

When I click connect, it's just hanging and keeps showing me "connecting"... nothing happens, no popup to type user & pass, nothing.

I noticed that when I ping the hostname externally, I don't get a reply. Should I do something?

What am I doing wrong?

ww

What do you see in the MX logging?

Do you have a public IP on the MX uplink? Or is the MX behind a NAT ISP router?

Roey1984

I don't see a thing in the event log (Organization --> Login Attempts) - am I looking in the correct place?

Yes, I have a fixed IP address on the MX uplink - it's not behind NAT.

Roey1984

Checked the Event log in Meraki, as you said, but nothing showing about VPN connectivity...

What else can cause it, do you think?

I can see in the Windows event log the "Work VPN requires attention." message, but no popup to input anything...

PhilipDAth

Nothing showing up suggests the pre-shared key doesn't match between Windows and Meraki. Try a simple pre-shared key.

Roey1984

I read that I need to ensure UDP ports 500 (IKE) and 4500 (IPsec NAT-T) are being forwarded to the MX and not blocked.

Is it needed? What shall I configure on the MX firewall?

ww

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Windows_Error_789

For 500 and 4500 you don't need to set anything on the MX. That is only if your provider/NAT router/FW does not allow this traffic to your MX interface IP.

If you don't see anything in the event log, I would double-check your provider is not running NAT.

Does this show a public or private IP?

https://documentation.meraki.com/MX/Other_Topics/Static_IP_Assignment

Roey1984

Indeed, no NAT.

It's getting an IP lease from the ISP.

So weird I don't see a thing in the Event Log.

ww

That same IP is on the uplink tab?

https://documentation.meraki.com/MX/Other_Topics/Static_IP_Assignment

You are testing the client VPN from another location? Not from a client on the MX LAN side?

Roey1984

Indeed, the same IP on the uplink.

And yes, checking it from my home to the office where the MX resides.

Roey1984

Those are the errors I see in Windows event viewer

PhilipDAth

First tip - use rasphone.exe to start the VPN connection, as it displays more detailed errors.

The second tip - try a simple password first. Windows does not support all complex passwords.

Failing that, use this wizard to create a PowerShell script to configure the client VPN on the computer.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html
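A sketch of the kind of PowerShell script the last reply refers to, added here as an example; it is not output from the linked wizard and not code from any poster. The server address is a placeholder, the connection name "Work VPN" is taken from the Windows log message quoted in the thread, and the L2TP/IPsec with PAP settings are an assumption based on Meraki's client VPN documentation.

```powershell
# Added example. Placeholder values are marked; replace them before use.
$Name   = 'Work VPN'          # connection name from the Windows log message in the thread
$Server = 'vpn.example.com'   # placeholder: MX hostname or public uplink IP

# Prompt for the dashboard "Shared secret" instead of hardcoding it in the script.
# This is the IPsec pre-shared key, not the VPN user's password.
$Psk = Read-Host -Prompt 'Client VPN shared secret (pre-shared key)'

# Remove any existing profile so stale GUI settings cannot interfere.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

# L2TP/IPsec with a pre-shared key; the user password is sent with PAP
# inside the IPsec tunnel (assumed per Meraki's client VPN documentation).
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $Psk -AuthenticationMethod Pap -EncryptionLevel Optional -Force

# Show what Windows actually stored, to compare against the dashboard.
Get-VpnConnection -Name $Name |
    Format-List Name, ServerAddress, TunnelType, L2tpIPsecAuth,
                AuthenticationMethod, EncryptionLevel

# Dial with:  rasphone.exe -d "Work VPN"   (first tip in the reply above)
# After a failed attempt, list the most recent RasClient events; the
# failure message carries the numeric error code (for example 789).
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'RasClient' } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message
```

The username and password for the VPN user are requested by Windows when the connection is dialed; they do not belong in the pre-shared key field.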