Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

VPN not prompting for username and password when enabled on Meraki Z3 despite a static/public IP...?

JayBlackcreek
Here to help
‎Mar 28 2024 7:37 PM
‎Mar 28 2024 7:37 PM

VPN not prompting for username and password when enabled on Meraki Z3 despite a static/public IP...?

Hey guys,

 

You might remember when I was having issues with a Meraki MX64W where I was having trouble getting the VPN to work and ultimately, we had to give the Meraki a static/public IP address and then the VPN started working.

 

Well, I am now having the same problem with a Z3 where when we try to connect to the VPN, no prompt for a username or password ever shows and eventually it says:

"The remote connection was not made because the name of the remote access server did not resolve."

or an L2TP processing error.

 

Initially we thought it was because the IP getting to the Meraki was not static/public. The ISP configured the internet with a static/public IP address, and it now shows it in the Meraki, but the VPN will still not work and not even get to the login prompt. I checked whatismyip.com on a computer on the network and the IP address is the same as what is showing on the WAN in the Meraki. We have tried multiple computers and multiple different settings and followed the VPN connection guide step by step and troubleshooted to no avail.

 

So I am stumped as to why the VPN will not work on this. Any assistance is appreciated. Thanks in advance!

Jay

Labels:
Subscribe
12 Replies 12
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 28 2024 7:50 PM
‎Mar 28 2024 7:50 PM

Check the troubleshooting guide.

 

https://documentation.meraki.com/MX/Client_VPN/Guided_Client_VPN_Troubleshooting/Unable_to_Connect_t...

 

I also suggest you open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
JayBlackcreek
Here to help
‎Mar 28 2024 7:54 PM
‎Mar 28 2024 7:54 PM

We have already done the troubleshooting steps to no avail. I will see if we can submit a support case.

0 Kudos
Subscribe
Brash
Kind of a big deal
Kind of a big deal
‎Mar 28 2024 8:10 PM
‎Mar 28 2024 8:10 PM

What does the IP address of your Z3 start with?

Is it 100.64.x.x - 100.107.x.x? If so, you're behind CG-NAT and therefore VPN will most likely not work.

Otherwise, check if your ISP has any blocks on VPN ports (especially if it's a cellular type service).

0 Kudos
Subscribe
Kathlyn
Conversationalist
‎Mar 28 2024 11:37 PM
‎Mar 28 2024 11:37 PM

Are there any specific error messages or logs indicating authentication failures or other issues related to VPN connectivity on the Meraki Z3?

0 Kudos
Subscribe
JayBlackcreek
Here to help
‎Mar 29 2024 1:40 PM
‎Mar 29 2024 1:40 PM

The IP address from the ISP begins with 184.x.x.x.

 

I contacted Cisco support and they have done some troubleshooting with me, we initially traced it possibly to a problem with the secret key. We ended up changing back to the old key (what it was before it was changed last week) without any special characters and it still didn't work.

 

I tested pinging the VPN hostname address from my laptop and it pinged fine.

 

I am now, however, getting a different error when I try to connect:


The  network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (eg. firewalls, NAT, routers) between your computer and the remote server is not configured to allow VPN connections.

 

I checked event viewer and I am getting error 809 when trying to connect. I checked the firewall and UDP ports 500 and 4500 are not blocked, they are both setup for port forwarding. I have setup connections with a username and password that has access to the VPN connection and I still can't get it to work, unfortunately.

 

I checked the Meraki logs and didn't see anything. So, for some reason, my laptop or anything can't reach the VPN server, even though I can ping it and the firewall and everything appears to be configured correctly.

 

Thanks, all, for your assistance so far. Any other ideas?


Thanks, Jay

 

0 Kudos
Subscribe
In response to JayBlackcreek
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 29 2024 3:04 PM
‎Mar 29 2024 3:04 PM

Check the workaround.

 

https://www.sonicwall.com/support/knowledge-base/l2tp-error-809-cannot-connect-l2tp-to-sonicwall-fro...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
JayBlackcreek
Here to help
‎Mar 29 2024 4:44 PM
‎Mar 29 2024 4:44 PM

Hi, even though that's for Sonicwall devices and there's no Sonicwall, that registry edit appears to have worked!

0 Kudos
Subscribe
In response to JayBlackcreek
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 29 2024 4:51 PM
‎Mar 29 2024 4:51 PM

I know, but it's a L2TP connection, this workaround is for the windows machine, it's not a Meraki issue.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
JayBlackcreek
Here to help
‎Mar 29 2024 5:30 PM
‎Mar 29 2024 5:30 PM

Ok, thanks for the help so far, now after the registry fix and rebooting my computer, I am now getting the prompt for a username and password, but it is giving me a 919 error, authentication protocol used by RAS/VPN used to verify the username/password could not be matched with the settings in your profile. I have verified that L2TP is selected and the key is correct and that Unencrypted Password is being used as per the Client VPN OS Configuration settings for Windows.

0 Kudos
Subscribe
In response to JayBlackcreek
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 29 2024 6:12 PM
‎Mar 29 2024 6:12 PM

Check the PSK and enable PAP.

 

You can also check on Google.

 

Screenshot_20240329-220932~2.png

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
JayBlackcreek
Here to help
‎Mar 29 2024 9:19 PM
‎Mar 29 2024 9:19 PM

I have checked and copied the PSK several times and verified it's correct. Also, the protocol is set to PAP and nothing else:

JayBlackcreek_0-1711772392641.png

 

Thanks,


Jay

0 Kudos
Subscribe
In response to JayBlackcreek
alemabrahao
Kind of a big deal
Kind of a big deal
‎Mar 30 2024 12:38 AM
‎Mar 30 2024 12:38 AM

The truth is that the native Windows client is not 100% reliable and you should not blindly trust the documentation. What I mean is that you can try different configuration combinations, for example, or instead of requiring encryption have you tried changing it to optional encryption?

 

If it still doesn't work, try generating the connection configuration with this tool.

 

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.