I enabled Client VPN, configured a pre-shared key. I chose Meraki Cloud authentication and configured a new user with VPN authentication.
When I try to connect to the VPN form a remote system I get this error:
"The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"
I copy/pasted the pre-shared key, the username and the password, so there cannot be a typing error.
I created and deleted the VPN connection three times. Every time I get the same error.
Any ideas what I might be doing wrong?
The first thing you should to check is the Windows Event Viewer, and find the error code.
Also check in Control Panel > Administrative Tools > Services if IKE and AuthIP IPsec keying modules is disabled.
I checked the Windows Event log and it gives code 789. I followed all the steps in the troubleshooting guide for error 789.
1) Check pre-shared key, this I double checked it is 100% correct.
2) Firewall blocking traffic. I created rules to allow all traffic on ports 500 en 4500 in as well as out.
3) IKE and AuthIP service is running.
I still get the same error and the same code in the event log.
Is it possible to permit my user on VPN? If yes, send me a direct message. I think at the most of the time I had problems with VPN it was the Windows machine issue.
For a quick test I can allow that. However it is time for me to go home now and I will only be back in the office tomorrow morning. Can we take this up again tomorrow? I will send a reply when I am back in the office tomorrow.
(Thank you very much for your assistance so far, it is very much appreciated).
Did you follow the configuration guide? In my experience, doing it just using Windows wizards etc. never works - you need to follow the step-by-step guide carefully for your version of OS: https://documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview
Check out the Network-wide > Event log for details of what the MX is seeing too.
You can, of course, also ask for assistance from Meraki Support.
Have you checked the events on the Meraki dashboard regarding Client VPN
Usually I have configured windows machines generating the power shell config with this script and avoid human errors:
Hi, I used this script tool to create a VPN Profile. The result is the same when I try to connect the VPN. Thanks for the advice though, the script tool is handy.
Question: If I run the script by clicking on it an select "Run script" it fails. I opened the script in ISE and tried to run it and got an error "Unable to remove existing instance(s) of TFD Meraki profile: Access denied"
I then re-opened ISE in administrator mode and then the script executed fine.
Is there a way to run the script as an administrator without opening ISE?