Meraki

Roey1984 · ‎Apr 23 2023

Hello

I work in a company, and we deployed the following:

SD-WAN - MX67

Switch - MS120

AP - MR44

I configured the Client VPN from the dashboard and created a user to connect with.

I copied the Shared Secret to the Pre-Shared Key in my client (Win10)

I made Sure to input the password we created for the user in the PreShared Key section (under advanced)

When I click connect, it`s just hanging and keeps showing me the "connecting".. nothing happens, no popup to type user & pass nothing.

I noticed, that when I ping the Hostname externally, I don't have reply, should I do something?

What am I doing wrong?

ww · ‎Apr 23 2023

What do you see in the mx logging?

Do you have a public ip on the mx uplink? Or is the mx behind a nat isp router

Roey1984 · ‎Apr 23 2023

I dont see a thing in the event log (Organization --> Login Attempts) - am I looking in the correct place?

Yes, I have a fixed IP address on the MX Uplink - it`s not behind NAT

ww · ‎Apr 23 2023

For mx to respond to external ping you have put in the ip or any

Roey1984 · ‎Apr 23 2023

Checked the Event log in Meraki, as you said, but nothing showing about VPN connectivity...

what else can cause it do you think?

I can see in Windows event log, the "Work VPN requires attention." but no popup to input anything...

PhilipDAth · ‎Apr 23 2023

Nothing showing up suggests the pre-shared key doesn't match between Windows and Meraki. try a simple pre-shared key.

Roey1984 · ‎Apr 23 2023

I read that I need to ensure UDP ports 500 (IKE) and 4500 (IPsec NAT-T) are being forwarded to the MX and not blocked.

Is it needed? What shall I configure on the MX firewall?

ww · ‎Apr 23 2023

For 500 and 4500 you dont need to set anything on the mx. That is only if your provider/nat router/fw not allow this traffic to your mx interface ip.

If you dont see anything in the event log i would double check your provider is not running nat

Does this show a public or private ip

Roey1984 · ‎Apr 23 2023

Indeed, no NAT

It`s getting an IP lease from the ISP

So weird I don't see a thing in the Event Log

ww · ‎Apr 23 2023

That same ip is on the uplink tab?

You are testing the client vpn from another location? Not from a client on the mx lan side

Roey1984 · ‎Apr 23 2023

Indeed, the same IP on the Uplink

And yes, checking it from my home to the office where the MX resides

Roey1984 · ‎Apr 23 2023

Those are the errors I see in Windows event viewer

PhilipDAth · ‎Apr 23 2023

First tip - use rasphone.exe to start the VPN connection, as it displays more detailed errors.

The second tip - try a simple password first. Windows does not support all complex passwords.

Failing that, use this wizard to create a powershell script to configure the client VPN on the computer.

Community