VPN Client Issue

LaithCpE
Comes here often

VPN Client Issue

Hello,

 

I have an issue with a client of mine, I configured for him VPN client in his windows 10 machine, and we tested it in Saudi Arabia and it was working fine, then this client travelled to Egypt to work from there, but the VPN connection was denied due to the Error 789,

 

We checked with Meraki Support and we found out that the request of the port 4500 is being blocked from the internet ISP for my client home internet, we tested multiple ISPs there and it appears it is the same issue, the port 4500 is blocked.

 

How can we solve this issue? anybody has a workaround to mitigate this?

 

Thanks Guys,

3 Replies 3
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @LaithCpE , unfortunately you’re not going to be able to change the ports that the client VPN is using.

 

Are you able to bring the user in via another route? RDP from remote IP to an internal machine maybe?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
KarstenI
Kind of a big deal
Kind of a big deal

I would deploy a dedicated VPN-gateway with a TLS-based remote-access-VPN. Works better in many of these restricted scenarios. A Cisco Firepower Appliance with AnyConnect could be used.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
BrandonS
Kind of a big deal

Maybe a bit of a stretch and a chore, but I understand Meraki has AnyConnect client VPN under beta.  You could ask support about enabling it and see if it works from that location. I have no idea if it uses different ports and protocols, but it may.

 

- Ex community all-star (⌐⊙_⊙)
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels