I am trying to set up Meraki client VPN on one of our MXs for a site in London. This was set up and working before, but that was when we had a P2P connection back to our Colo. When the P2P was in place I just used the IP on the MX for that P2P connection and everything worked great! But the office moved and we did not order a new P2P due to the small amount of traffic going across that connection. We replaced it with a site-to-site VPN to our Colo and the VPN works great. But trying to get the RADIUS authentication working with this setup is proving difficult.

I have read that the IP address of the highest numbered VLAN should be used on the RADIUS client configuration. With that in mind I am using the IP address for VLAN 999 on the NPS server RADIUS client entry for this MX. When I set up the VPN on a Windows 10 PC, I get prompted for user/pass, but when I enter that information and press enter, I get an error shortly after stating "The connection was terminated by the remote computer before it could be completed".

From the MX, I am able to ping the RADIUS server over VLAN 999. I can also ping VLAN 999 on the MX from the RADIUS server. Doing a packet capture during testing on the MX, I can see the traffic from my PC hitting the MX, but I don't see any traffic from the MX reaching out to the RADIUS server. Also, looking at the logs on the RADIUS server, I don't see any authentication attempt for that Client VPN from the MX. I am sure it is a simple step I am overlooking that is missing to get this to work as expected, but so far I am not figuring it out.