Meraki

Community

User Unable to Connect to VPN

Leitz_IT
New here
‎Dec 2 2020 6:35 AM
‎Dec 2 2020 6:35 AM

User Unable to Connect to VPN

Hello,

 

I have a user that is working remotely using Windows VPN; she hasn't had any issues up until yesterday when she was unable to connect to the VPN (been working remotely ~6-8 months now). I don't know if there was a possible windows update that is preventing her from connecting; but we have 20-25 users that connect via the VPN and she is the only user that isn't able to get a connection.


I've been able to remote to her PC and change the credentials, but continuously get a 789 error..

 

Leitz_IT_0-1606919619330.png

 

We use a preshared key and connect PAP..

 

Leitz_IT_1-1606919664607.png

 

 

I'm at a bit of a loss; unable to figure out why she is unable to connect but all other users can. I believe it is something with windows blocking her or perhaps a firewall update. But as I mentioned she had no issues connecting up until yesterday.

0 Kudos
3 Replies 3
JPena
Meraki Employee
Meraki Employee
‎Dec 2 2020 7:26 AM
‎Dec 2 2020 7:26 AM

Hello!

 

Our client VPN troubleshooting doc goes over some potential causes for the 789 error you're seeing - https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_789

Jose Pena
Network Support Engineer @ Cisco Meraki .:|:.:|:.
In response to JPena
Leitz_IT
New here
‎Dec 2 2020 7:32 AM
‎Dec 2 2020 7:32 AM

Hello,

I did look over the VPN Troubleshooting Document but didn't have any luck..

 

"Firewall blocking VPN traffic to MX
Solution: Ensure UDP ports 500 (IKE) and 4500 (IPsec NAT-T) are being forwarded to the MX and not blocked. If traffic cannot reach the MX on these ports, the connection will timeout and fail."

 

I think this may be the only factor (Firewall blocking.) Our company just uses Windows Defender Firewall thought and there haven't been any updates. Is there a detailed writeup to ensure UDP Ports 500 (IKE) and 4500 (IPsec NAT-T) are being forwarded? I am not too familiar with how to do this..

0 Kudos
In response to Leitz_IT
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Dec 2 2020 12:28 PM
‎Dec 2 2020 12:28 PM

789's are often caused by the large Windows Updates deleting the PSK or changing the authentication to something other than PAP.

 

Delete the VPN connection and re-create it.

 

You could also try my client VPN wizard which uses the VPNv2-CSP engine in Windows 10 which does not seem to have these issues.

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.