We recently moved over from a Cisco ASA appliance to an MX450 with all the firewalls replicated (where applicable). We have a member of staff who used to use WOL when he was connected to the client VPN in order to wake up a system that sits inside our network. Since moving to the MX450, WOL no longer works and he is unable to wake up the same system he has in the past. The only other thing that's changed is the subnet used by the VPN clients.
Old VPN client range: 192.168.105.5/29
New VPN client range: 10.150.0.0/24
Can anyone shed any light on what I would need to do to get this working, or if indeed it's even possible on an MX appliance?
You can also do it from the clients page.
I'd agree with @NolanHerring. I'd start with inspecting the firewall rules applied to the MX450, especially if there was a subnet change. The transferred rules may be applying to the incorrect subnet.
Were you using Cisco AnyConnect before?
Is the person initiating the WOL packet using a directed broadcast? I've never tried using directed broadcasts with L2TP over IPSec, so not sure if they would work.
If you do a packet capture on the client VPN connection when the packet is sent, do you see it arrive? If not, then I'm guessing L2TP does not support this.
If it does arrive, do a packet capture on the LAN interface. Do you see it leave the MX and head towards the client? If not, then perhaps the MX does not support directed broadcast forwarding.
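
For reading the two captures suggested above, the following is an added example (not code from any poster in this thread or from Meraki) that confirms a captured UDP payload really is a WOL magic packet and classifies the destination address it was sent to. The LAN subnet `192.0.2.0/24` and the MAC address are constructed placeholders; substitute the real values.

```python
import ipaddress

SYNC = b"\xff" * 6  # a magic packet contains six 0xFF bytes, then the MAC 16 times


def find_magic_packet(payload: bytes):
    """Return the target MAC as 'aa:bb:..' if payload holds a magic packet, else None.

    The sync stream may sit anywhere in the payload, so every offset is tried.
    """
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 16 * 6]
        if len(mac) == 6 and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(SYNC, start + 1)
    return None


def classify_destination(dst_ip: str, lan_subnet: str) -> str:
    """Say what kind of address the WOL sender targeted, relative to the LAN."""
    net = ipaddress.ip_network(lan_subnet)
    dst = ipaddress.ip_address(dst_ip)
    if dst == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"   # never routed, so it cannot leave the VPN side
    if dst == net.broadcast_address:
        return "directed-broadcast"  # needs the gateway to forward it onto the LAN
    if dst in net:
        return "unicast"             # relies on the gateway still having an ARP entry
    return "off-subnet"


# Constructed sample: payload as it would appear after the UDP header in a capture.
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_PAYLOAD = SYNC + SAMPLE_MAC * 16
LAN_SUBNET = "192.0.2.0/24"  # placeholder for the subnet of the sleeping host

if __name__ == "__main__":
    for dst in ("192.0.2.255", "255.255.255.255", "192.0.2.10"):
        print(dst, classify_destination(dst, LAN_SUBNET),
              find_magic_packet(SAMPLE_PAYLOAD))
```

If the payload validates on the client VPN capture but nothing with the same MAC appears on the LAN capture, the packet is being dropped between the two interfaces rather than malformed at the sender.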