VPN not prompting for username and password when enabled on Meraki MX64W...?

Solved
JayBlackcreek
Here to help

Hello there,


First time posting here!

 

I have enabled Client VPN on a Meraki MX64W. It has been given a hostname and a subnet, configured to use Umbrella to resolve host names, given a shared secret, and set to use Meraki Cloud Authentication, with two users authorized for Client VPN.

However, when I create the VPN connection in Windows with the correct settings, hostname, etc. and click on the VPN, a prompt to enter username and password never appears, and eventually it shows that the L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer. Windows is running 10 22H2.

 

Any ideas? Thanks in advance.

 

Jay

1 Accepted Solution
JayBlackcreek
Here to help

It turns out that the internet is actually being NATed because we are using a dynamic IP from the ISP as opposed to a static IP and it looks like we will have to use a static IP from the ISP to get the VPN to work.


Thanks everyone for your help.
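The upstream NAT described in the accepted solution can be confirmed by comparing the address on the MX's WAN interface with the address an outside host sees. The following is an added example, not part of the original thread; the function names and the sample addresses (documentation ranges) are constructed, and it assumes you have read the WAN address from the appliance's uplink status and the observed address from any host outside the network.

```python
import ipaddress

# Ranges that cannot be reached from the internet unless something
# upstream translates them. Client VPN (L2TP/IPsec) needs UDP 500 and
# 4500 to arrive at the MX itself, so any of these on the WAN side
# means the negotiation is terminating on a device in front of it.
NON_PUBLIC = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "cgnat": [ipaddress.ip_network("100.64.0.0/10")],  # RFC 6598
    "link-local": [ipaddress.ip_network("169.254.0.0/16")],
}


def classify_wan(wan_ip, observed_ip):
    """Say whether an upstream NAT sits between the WAN interface
    address and the address the internet sees."""
    wan = ipaddress.ip_address(wan_ip)
    observed = ipaddress.ip_address(observed_ip)
    for label, nets in NON_PUBLIC.items():
        if any(wan in net for net in nets):
            return "upstream NAT (%s WAN address)" % label
    if wan != observed:
        # Public-looking WAN address, but traffic leaves from another one.
        return "upstream NAT (WAN and observed addresses differ)"
    return "direct"


# Constructed samples: (description, WAN interface IP, IP seen from outside)
SAMPLES = [
    ("static public IP on the MX", "203.0.113.10", "203.0.113.10"),
    ("ISP modem in router mode", "192.168.1.2", "203.0.113.10"),
    ("carrier-grade NAT", "100.64.12.7", "198.51.100.44"),
    ("1:1 NAT at the ISP", "203.0.113.10", "198.51.100.44"),
]


def report(samples):
    return [(name, classify_wan(wan, seen)) for name, wan, seen in samples]


if __name__ == "__main__":
    for name, verdict in report(SAMPLES):
        print("%-28s %s" % (name, verdict))
```

Any result other than `direct` means the client's IKE packets reach another device first, which matches the symptom in this thread of the connection failing before a username prompt appears.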


10 Replies
alemabrahao
Kind of a big deal

Why don't you use AnyConnect instead of L2TP? It is much more stable and has more options.

You can also try generating the connection through this site:

 

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
JayBlackcreek
Here to help

OK, I enabled AnyConnect in the portal, downloaded the software, rebooted my computer and the Meraki, and verified the internet is working on both. When I open the AnyConnect software and enter the VPN hostname, it says it could not connect to server. Please verify connectivity and server access.

ww
Kind of a big deal

Is your MX behind a NAT internet router?

What does the MX event log report regarding the VPN?

JayBlackcreek
Here to help

No it isn't.

alemabrahao
Kind of a big deal

Does your MX have a public IP?

JayBlackcreek
Here to help

Yes it does.

JayBlackcreek
Here to help

Any ideas? I am still struggling and my other network co-workers don't seem to have any idea either.

 

I have configured the VPN in the Meraki to use the Umbrella DNS server and no WINS servers, the shared secret I know is correct, I am using Meraki Cloud Authentication, and users are set up to use the connection. I also gave it its own subnet that was not already in use.

 

When I am in Windows, I enter the hostname exactly as it says, make sure to use L2TP with pre-shared key. Verified the pre-shared key is correct, changed to require encryption and to use an Unencrypted Password (PAP). 

And it still won't work. The error I get is "the L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." And it never even prompts for any username or password, never even makes it to the login.

 

The Meraki device is getting a public IP and, AFAIK, there are no other internet routers in front of it.


Any further assistance would be appreciated. Thanks!

alemabrahao
Kind of a big deal

Some options for troubleshooting. If possible, check it in the Windows Event Viewer.

 

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Troubleshooting_Cli...

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Verifying_a_Success...

 

Why don't you use AnyConnect instead of an L2TP connection?

JayBlackcreek
Here to help

I tried that, it didn't work. It says it can't find the server. I have verified there is internet over there and there's no firewall or third-party router or NAT device that could be interfering.
