Meraki

Community

Problem with VPN

AdminERB
Comes here often
‎Dec 21 2021 10:17 AM
‎Dec 21 2021 10:17 AM

Problem with VPN

Hi everybody,

 

I have a problem with our VPN.

VPN worked well.

The problem occurred while changing the service at the operator.

They added their Huawei router in front of our MX84 router. 

The current connection is: optical cable (input) to huawey converter (set as bridge), from which the ethernet cable comes to Huawei router from it to Meraki MX WAN1. Public address is set NAT 1:1 

 

VPN works through a mobile device.

It doesn't work through windows. Many people who have used a VPN and have it set up do not work. No MX settings have changed.

Packets passed. However, it does not connect to the VPN. Does not create ESP encryption.

 

Can't advise on what to set up or check?

 

Event Log:

Mobile connect to the VPN:  its WORK

Dec 21 19:09:59 VPN client connectedlocal_ip: 192.168.xx.xxx, user_id: admin@*********, remote_ip: 194.154.xxx.xxx
Dec 21 19:09:58 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|142> CHILD_SA net-1{357} established with SPIs c15d1702(inbound) 0e786aae(outbound) and TS 192.168.xx.xx/32[udp/l2f] === 6.1.0.0/32[udp/54731]

 

Windows: does not work

Dec 21 19:12:25 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> CHILD_SA net-1{361} established with SPIs c3e891b6(inbound) 98f9ab7a(outbound) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:25 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> closing CHILD_SA net-1{360} with SPIs cbfc1fa6(inbound) (0 bytes) 9a9a447a(outbound) (0 bytes) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:19 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> closing CHILD_SA net-1{359} with SPIs c8934840(inbound) (0 bytes) d032f6d4(outbound) (0 bytes) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:19 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> CHILD_SA net-1{360} established with SPIs cbfc1fa6(inbound) 9a9a447a(outbound) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:16 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> closing CHILD_SA net-1{358} with SPIs cb67671f(inbound) (0 bytes) c9d65cec(outbound) (0 bytes) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:16 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> CHILD_SA net-1{359} established with SPIs c8934840(inbound) d032f6d4(outbound) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:16 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> CHILD_SA net-1{358} established with SPIs cb67671f(inbound) c9d65cec(outbound) and TS 192.168.xx.xx/32[udp/l2f] === 213.215.xx.xx/32[udp/l2f]
Dec 21 19:12:15 Non-Meraki / Client VPN negotiationmsg: <l2tp-over-ipsec-1|144> IKE_SA l2tp-over-ipsec-1[144] established between 192.168.xx.xx[192.168.12.2]...213.215.xx.xx[192.168.xx.xx]

 

 

thanks so much. best regards

 

AE.

0 Kudos
2 Replies 2
cshaun
Here to help
‎Dec 25 2021 10:07 PM
‎Dec 25 2021 10:07 PM

Hey AE,

 

The remote IP is different in the working (what you have called mobile) and non-working (what you have called windows), so there is more different than just the host device OS & client.  Can you try each combo using the same remote IP and report back?

 

Does their huawei device do any port blocking or NAT?  You said it's in bridge, but are you certain?  Has your IP changed when you changed provider/when your access method changed?

 

0 Kudos
In response to cshaun
AdminERB
Comes here often
‎Jan 19 2022 6:30 AM
‎Jan 19 2022 6:30 AM

Problem fixed.

 

reset VPN register on PC. 

 

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.