VPN not connecting

ErnstTFD
Getting noticed

Hello,

I enabled Client VPN, configured a pre-shared key. I chose Meraki Cloud authentication and configured a new user with VPN authentication.

When I try to connect to the VPN from a remote system I get this error:

"The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"

I copy/pasted the pre-shared key, the username and the password, so there cannot be a typing error.

I created and deleted the VPN connection three times. Every time I get the same error.

Any ideas what I might be doing wrong?

ErnstTFD
Getting noticed

I also changed this encryption setting as I found the instruction on the Meraki help pages. This did not change anything. Connection still fails with the same error.

@ErnstTFD,

The first thing you should check is the Windows Event Viewer, and find the error code.

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting#Common_Windows_erro....

Also check in Control Panel > Administrative Tools > Services if IKE and AuthIP IPsec keying modules is disabled.

I checked the Windows Event log and it gives code 789. I followed all the steps in the troubleshooting guide for error 789.

1) Check pre-shared key, this I double checked it is 100% correct.

2) Firewall blocking traffic. I created rules to allow all traffic on ports 500 and 4500 in as well as out.

3) IKE and AuthIP service is running.

I still get the same error and the same code in the event log.
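The client-side checks discussed above for error 789 (the IKE service, Windows firewall rules for UDP 500 and 4500, the profile's settings and the logged error code) can be collected in one read-only pass. This is an added example, not part of the original thread or of Meraki's documentation; the profile name is a placeholder, and filtering the Application log on the `RasClient` provider is an assumption about where Windows records the failed dial attempt.

```powershell
# Added example: read-only client-side checks for VPN error 789.
# 'Example VPN' is a placeholder profile name, not one from the thread.
param([string]$ConnectionName = 'Example VPN')

# 1) Services behind the IKE negotiation: "IKE and AuthIP IPsec Keying
#    Modules" (IKEEXT) and "IPsec Policy Agent" (PolicyAgent).
#    Neither should be Disabled.
Get-Service -Name IKEEXT, PolicyAgent |
    Select-Object Name, DisplayName, Status, StartType |
    Format-Table -AutoSize

# 2) Settings of the profile Windows will dial, whether it was created
#    per-user or for all users. L2tpIPsecAuth shows whether the profile
#    uses a pre-shared key or a certificate; the key itself is not shown.
$found = @(Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue) +
         @(Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue)
$found |
    Select-Object Name, ServerAddress, TunnelType, L2tpIPsecAuth,
                  AuthenticationMethod, EncryptionLevel |
    Format-List

# 3) Enabled Windows Defender Firewall rules that name UDP 500 or 4500.
#    A Block rule listed here can override an Allow rule. Rules scoped to
#    "Any" port and firewalls outside Windows are not covered by this check.
Get-NetFirewallPortFilter -Protocol UDP |
    Where-Object { $_.LocalPort -contains '500' -or $_.LocalPort -contains '4500' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Direction, Action, Profile |
    Format-Table -AutoSize

# 4) Recent dial-up client events that mention error 789, to confirm the
#    code and see the time of each failed attempt.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'RasClient' } `
             -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\b789\b' } |
    Select-Object -First 5 TimeCreated, Id, Message |
    Format-List
```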

One question. Are you testing using the same internet link, or are you testing with another link? Like 4G.

I just performed a test and it worked well. Have you checked if there is any update to be installed on Windows?

Running latest windows update now, will confirm.

We have 2 internet lines, I tested over the backup line. Then I also tested with my mobile hot-spot on my phone, ie. 4G. Same results.

It looks like a Windows issue. Is it possible to test it with another Windows machine (it can be a virtual machine)?

Just tried a second PC. Same error. 😭

Try to enable Chap and check if you are sharing your internet connection on your network adapter. If yes, disable it.

But it's very strange.

Sorry, what is "Chap" and how do I enable it? Internet is not shared.

Chap enabled on both PCs with same results.

@ErnstTFD

Is it possible to permit my user on VPN? If yes, send me a direct message. I think most of the time I had problems with VPN, it was a Windows machine issue.

For a quick test I can allow that. However it is time for me to go home now and I will only be back in the office tomorrow morning. Can we take this up again tomorrow? I will send a reply when I am back in the office tomorrow.

(Thank you very much for your assistance so far, it is very much appreciated).

Yes, sure. 🙂

Hello, I'm back at the office. We can set up a test whenever you are ready.

Hi @ErnstTFD,

Sorry about the delay, I'm in a different time zone. We can perform a test now.

GreenMan
Meraki Employee

Did you follow the configuration guide? In my experience, doing it just using Windows wizards etc. never works - you need to follow the step-by-step guide carefully for your version of OS: https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

Check out the Network-wide > Event log for details of what the MX is seeing too. 

You can, of course, also ask for assistance from Meraki Support.

I followed the configuration guide yes.

I also checked the event log, but nothing shows up here.

Johnfnadez
Building a reputation

Have you checked the events on the Meraki dashboard regarding Client VPN?

Usually I configure Windows machines by generating the PowerShell config with this script, to avoid human errors:

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

Regards!

Johnny Fernandez
Network & Security Engineer
CCNP | JNCIP-SEC | CMNA

Hi, I used this script tool to create a VPN Profile. The result is the same when I try to connect the VPN. Thanks for the advice though, the script tool is handy.

Question: If I run the script by clicking on it and select "Run script" it fails. I opened the script in ISE and tried to run it and got an error "Unable to remove existing instance(s) of TFD Meraki profile: Access denied"

I then re-opened ISE in administrator mode and then the script executed fine.

Is there a way to run the script as an administrator without opening ISE?
