I have configured a Client VPN on this MX device. When using Meraki Cloud authentication it works without issue. When I enable radius authentication it fails.   I have performed a packet capture on the radius server and see successful authentication requests validating that radius is functioning correctly. This is failing for both an Android client (ver. 9 build PPR2.181005.003) and Windows10 Enterprise (ver. 1709 build 16299.611)   Below are log entries. It looks to me like it's simply timing out.   Oct 29 08:28:15 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established x.x.x.x[4500]-y.y.y.y[4500] spi:f7576fb374b0f3a5:75cfbc1463066f9b Oct 29 08:28:16 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->y.y.y.y[4500] spi=68336299(0x412baab) Oct 29 08:28:16 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->y.y.y.y[4500] spi=125451427(0x77a3ca3) Oct 29 08:28:21 Non-Meraki / Client VPN negotiation msg: purged IPsec-SA proto_id=ESP spi=125451427. Oct 29 08:28:21 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA expired x.x.x.x[4500]-y.y.y.y[4500] spi:f7576fb374b0f3a5:75cfbc1463066f9b Oct 29 08:28:21 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA deleted x.x.x.x[4500]-y.y.y.y[4500] spi:f7576fb374b0f3a5:75cfbc1463066f9b   My confusion is why the different behavior going from cloud auth to radius when I can confirm that radius is working.   Has anyone seen this before?  Any suggestions? ... View more

I've run into this problem now for the second time in two weeks.  The Sunday before last I was called because the MX64 at that location was taking an extended amount of time to check into the Dashboard.  Multiple reboots and resets were attempted to no avail.  It was using a 4G gateway as it's WAN link and a laptop directly connected to that gateway worked without issue.  A call to Meraki led to an RMA being processed for the MX however when I got to work on Monday morning the MX had checked in.  We decided to proceed with the replacement to be safe.   No outbound traffic is blocked so the rules detailed in the MX Help>Firewall menu shouldn't come into play because access to those IPs on those ports is allowed.   Today I was trying to provision a couple of full stacks and ran into the same issue.  The connection was attempted using three different MXes and 4 different network links including two different 4G gateways.  Again a connected laptop worked without issue.  Currently I have the MX connected on an access port normally used for my test set.  When I watch traffic on that port I see a trickle (4-7 packets per second).  This is on a 100Mb connection so speed shouldn't be an issue.   In all cases, I'm getting the rainbow of lights as the device attempts to register.  My plan is to leave the MX running overnight and hope it has checked in by the morning.  I'm wondering if anyone else has run into this because we provision our gear before shipping but at this rate I better start on my January networks now.   This particular hardware is being re-used (it's not new out of the box) but was removed from the old network which was then deleted returning it to inventory from where it was then added to the new destination network.  Pings to the LAN facing IP address of the MX, even sourced from the gateway address fail despite being arp'ed, the port being up and it passing the small amount of traffic it is.     ... View more

I have an iPad which was in use and showing connected to my wireless network however the last logged association to a WAP was two days previous.  I get that if it remained on and connected to that particular WAP there shouldn't be another event but given that it was two full days (let's even call it a day and a half) and there is no way the device was on for the entire period (the location would have shut down for the night twice) it seems odd to me that I don't see a fresh association message being logged.   Thoughts? ... View more