VPN using Windows VPN Gateway Server

Johann
Getting noticed

VPN using Windows VPN Gateway Server

Hi all,

 

I hope someone can help, not sure if I'm missing the obvious here. So my client has a small network with a few VM's (AD,FS) hosted in Hyper-V environment. They currently have a SonicWall Firewall and I was looking to replace with a Meraki MX64. Crucially the off-site users +-50, connect to the office via a Windows VPN Server, they use the built-in Windows VPN client with an installed certificate to authenticate via AD. 

 

I setup the Meraki Firewall exactly as the Sonicwall, everything worked perfectly except for the VPN. Users get the generic message "connection failed because host failed to respond" Am I missing something in getting this to work? As aside, I did setup one user on the Meraki with Client VPN connection and it worked, but I would like to keep the Windows VPN server if possible.

 

Any help would be appreciated.

4 Replies 4
ww
Kind of a big deal
Kind of a big deal

Did you forward tcp /udp ports at the mx to the vpn  server

Johann
Getting noticed

Hi ww, when I checked the Sonicwall rules, I never came across any implicit port forward rules, so I never created them on the Meraki. Logging back into the VPN server, I can see there are ports open for 1723 (PPTP) and 500/4500 (L2TP/IKEv). I think I will add these and then run a packet capture to see the results. Thanks for the heads up.

DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Johann , packet capture is your friend here.  Run it on the Internet and LAN interfaces to see what is or isn’t happening.

 

But as @ww  states below, you probably just need to set up your port forwarding for the vpn traffic to your vpn server

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Johann
Getting noticed

Hi UCcert, I think @ww has pointed me in the right direction, as youalso mentioned I will also run the packet capture to see what is happening, thx.

Get notified when there are additional replies to this discussion.