Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Register or Sign in
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About Groucho711
Groucho711
New here
Member since Mar 23, 2021
Mar 24 2021
Community Record
5
Posts
0
Kudos
0
Solutions
Badges
Mar 24 2021
8:48 AM
I ended up going into the adapter settings for the VPN connection, under the security tab, selecting the radio button "Allow these protocols", and finally checking PAP. That change allow the VPN to connect using the Meraki Authentication. Once I changed it over to RADIUS I am getting IAS_AUTH_FAILURE on the RADIUS server. So at least I know it is talking to the RADIUS server now. Just need to figure out why the RADIUS authentication is failing.
... View more
Mar 23 2021
2:08 PM
Also I am running version MX 15.42. I am wondering if this could be an issue with the 15.x firmware version. I know it worked when I was on the 14.x firmware. But I needed to upgrade to 15 so I could have IKEv2 for a VPN configuration.
... View more
Mar 23 2021
1:34 PM
Additional update - for a test I decided to use Meraki Authentication and that resulted in the same error on the client side. But I was able to see these events in the Meraki Event Log: Mar 23 20:18:47 Non-Meraki / Client VPN negotiation msg: <l2tp-over-ipsec-1|47053> deleting IKE_SA l2tp-over-ipsec-1[47053] between MX Pub IP[MX Pub IP]...Home Pub IP[Home Priv IP] Mar 23 20:18:47 Non-Meraki / Client VPN negotiation msg: <l2tp-over-ipsec-1|47053> closing CHILD_SA net-1{52} with SPIs cc16b166(inbound) (801 bytes) 89788838(outbound) (919 bytes) and TS MX Pub IP/32[udp/l2f] === Home Pub IP/32[udp/l2f] Mar 23 20:18:28 Non-Meraki / Client VPN negotiation msg: <l2tp-over-ipsec-1|47053> CHILD_SA net-1{52} established with SPIs cc16b166(inbound) 89788838(outbound) and TS MX Pub IP/32[udp/l2f] === Home Pub IP/32[udp/l2f] Mar 23 20:18:27 Non-Meraki / Client VPN negotiation msg: <l2tp-over-ipsec-1|47053> IKE_SA l2tp-over-ipsec-1[47053] established between MX Pub IP[MX Pub IP]...Home Pub IP[Home Priv IP]
... View more
Mar 23 2021
10:12 AM
Yes, VLAN 999 is in VPN.
... View more
Mar 23 2021
9:34 AM
I am trying to setup Meraki client VPN on one of our MX's for a site in London. This was setup and working before but that was when we had a P2P connection back to our Colo. When the P2P was in place I just used the IP on the MX for that P2P connection and everything worked great! But the office moved and we did not order a new P2P due to the small amount of traffic going across that connection. We replaced it with a site to site VPN to our Colo and the VPN works great. But trying to get the RADIUS authentication working with this setup is proving difficult. I have read that the IP address of the highest numbered VLAN should be used on the RADIUS client configuration. With that in mind I am using the IP address for VLAN 999 on the NPS server RADIUS client entry for this MX. When I setup the VPN on a Windows 10 PC, I get prompted for user/pass, but when I enter that information and press enter, I get an error shortly after stating "The connection was terminated by the remote computer before it could be completed". From the MX, I am able to ping the RADIUS server over VLAN 999. I can also ping VLAN 999 on the MX from the RADIUS server. Doing a packet capture during testing on the MX, I can see the traffic from my PC hitting the MX, but I don't see any traffic from the MX reaching out to the RADIUS server. Also looking at the logs on the RADIUS server I don't see any authentication attempt for that Client VPN from the MX. I am sure it is a simple step I am overlooking that is missing to get this to work as expected, but so far I am not figuring it out.
... View more
© 2024 Cisco Systems, Inc.
