- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VPN not prompting for username and password when enabled on Meraki Z3 despite a static/public IP...?
Hey guys,
You might remember when I was having issues with a Meraki MX64W where I was having trouble getting the VPN to work and ultimately, we had to give the Meraki a static/public IP address and then the VPN started working.
Well, I am now having the same problem with a Z3 where when we try to connect to the VPN, no prompt for a username or password ever shows and eventually it says:
"The remote connection was not made because the name of the remote access server did not resolve."
or an L2TP processing error.
Initially we thought it was because the IP getting to the Meraki was not static/public. The ISP configured the internet with a static/public IP address, and it now shows it in the Meraki, but the VPN will still not work and not even get to the login prompt. I checked whatismyip.com on a computer on the network and the IP address is the same as what is showing on the WAN in the Meraki. We have tried multiple computers and multiple different settings and followed the VPN connection guide step by step and troubleshooted to no avail.
So I am stumped as to why the VPN will not work on this. Any assistance is appreciated. Thanks in advance!
Jay
- Labels:
-
Client VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check the troubleshooting guide.
I also suggest you open a support case.
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have already done the troubleshooting steps to no avail. I will see if we can submit a support case.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What does the IP address of your Z3 start with?
Is it 100.64.x.x - 100.107.x.x? If so, you're behind CG-NAT and therefore VPN will most likely not work.
Otherwise, check if your ISP has any blocks on VPN ports (especially if it's a cellular type service).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are there any specific error messages or logs indicating authentication failures or other issues related to VPN connectivity on the Meraki Z3?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The IP address from the ISP begins with 184.x.x.x.
I contacted Cisco support and they have done some troubleshooting with me, we initially traced it possibly to a problem with the secret key. We ended up changing back to the old key (what it was before it was changed last week) without any special characters and it still didn't work.
I tested pinging the VPN hostname address from my laptop and it pinged fine.
I am now, however, getting a different error when I try to connect:
The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (eg. firewalls, NAT, routers) between your computer and the remote server is not configured to allow VPN connections.
I checked event viewer and I am getting error 809 when trying to connect. I checked the firewall and UDP ports 500 and 4500 are not blocked, they are both setup for port forwarding. I have setup connections with a username and password that has access to the VPN connection and I still can't get it to work, unfortunately.
I checked the Meraki logs and didn't see anything. So, for some reason, my laptop or anything can't reach the VPN server, even though I can ping it and the firewall and everything appears to be configured correctly.
Thanks, all, for your assistance so far. Any other ideas?
Thanks, Jay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check the workaround.
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, even though that's for Sonicwall devices and there's no Sonicwall, that registry edit appears to have worked!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know, but it's a L2TP connection, this workaround is for the windows machine, it's not a Meraki issue.
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, thanks for the help so far, now after the registry fix and rebooting my computer, I am now getting the prompt for a username and password, but it is giving me a 919 error, authentication protocol used by RAS/VPN used to verify the username/password could not be matched with the settings in your profile. I have verified that L2TP is selected and the key is correct and that Unencrypted Password is being used as per the Client VPN OS Configuration settings for Windows.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check the PSK and enable PAP.
You can also check on Google.
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have checked and copied the PSK several times and verified it's correct. Also, the protocol is set to PAP and nothing else:
Thanks,
Jay
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The truth is that the native Windows client is not 100% reliable and you should not blindly trust the documentation. What I mean is that you can try different configuration combinations, for example, or instead of requiring encryption have you tried changing it to optional encryption?
If it still doesn't work, try generating the connection configuration with this tool.
https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html
Please, if this post was useful, leave your kudos and mark it as solved.