We have setup an vmx in Azure. It is configured as an Passthrough or VPN Concentrator. We then use it with a NPS Radius-server installed on one of the servers in Azure for User-VPN. We also have an MX onprem with an Site to Site VPN to the vmx in Azure.   The problem is when I enter the vmx public IP in my webbrowser I get vmx configurtion page. You know the one where you set the public IP of the firewall. Even when I am not on the same network.   I guess we have done something wrong.   We dont have an network security group for this vmx. Should we even have one? Or what do I need to do?   Feels a little unsafe at the moment. ... View more

I have an MX65 with an MG21 connected to WAN-port. The SIM-card is unlocked from NAT and has a static public IP.   I try to setup an non meraki site 2 site to our cloud. Of course that fails. Guess I need to add some port forwarding on my MG21. Now I have added these.   My MX has the following address from MG21.   My IP on MG21 is Address and public IP are the same. My MX Site 2 Site is configured with. We are using VmWare Edge Gateway on the other side. And these settings work when we only have an Meraki without MG21 onprem.   The logs in Meraki says.   Would really appreciate some pointers here.   EDIT1: Did capture on Internet and the only thing I see from my remote VPN-site is this. ... View more

Meraki keeps haunting me.   I try to setup Client VPN with Windows server 2019 NPL-server. I have followed the guide at https://documentation.meraki.com/MX/Client_VPN/Configuring_RADIUS_Authentication_with_Client_VPN   My Meraki is on another site from my AD. They are connected via Site 2 Site non Meraki VPN. It works fine and all traffic flows from Meraki to AD-site.   My Meraki can ping the Radius-server from default source.   I have opened all ports on the Radius-server, inbound and outbound (just for test).   I have checked the shared secret and even changed it to something simple like 12345, and the same in Meraki Dasboard.   I have run sc sidtype IAS unrestricted on the Radius-server and rebooted.   I have deleted the file %windir%\system32\ias\ias.xml and rebuilt the settings in NPS.   I have checked Allow on Network Access Permission on the testusers AD-account and tried to check Control access through NPS Network Policy.   I have created a completely new user in my AD just to be sure that nothing "old" is making the error.   I have checked the Attribute msRADIUSServiceType so it is empty.   I have tried to connect with VPN from my Samsung phone with only data traffic enabled, and not wifi.   I have activated logging on the Radius server firewall for dropped connections, nothing is dropped.   I have activated logging Audit Policy (Account logon events and Logon events) on my Radius Server but the security logs shows no logging at all about failed connections.   I have tried to use different methods in username, domainname.local\username, domainname\username username@domainname.com and just username.   I have tried multiple different accounts.   Probably tried a number of more things, but no success at all.   The error I get is Error 691.   Meraki Cloud Authentiaction and AD authentication works .   I'm not sure what else I Can try now.   Maybe try to install NPS on an old Server 2012R2 just to make sure there is nothing strange with the 2019-server. ... View more

I am struggeling with my Merkai and are trying to setup Client VPN AD Authentication. I have added Client VPN: Enabled Subnet: 10.10.2.0/24 A Shared secret. Choosen Active Directory Short domain: my local domainname (name.local) Server IP: The IP address of my DC Username: Admin Password: *******   The MX can ping The IP address of my DC   I have for test purpose created a firewall rule on my DC that allow all traffic inbound and outbound.   Worth mention is that my DC is on another site that is connected to the MX with a Non Meraki VPN. But the traffic flows fine.   The Client VPN is allowed over VPN   The error I get from the client is Error 691.     I have double and tripple checked my username and password and my shared key on the client.   I am not sure what to do now. ... View more

We are using Windows builtin VPN-connection for Client VPN to Meraki. Are there any settings / function for keep alive or reconnect in case the connection drops?   Thanks! ... View more

Hello!   I have a problem with Client VPN. We are using Meraki Cloud authenticating.   Computer are AD-connected and the users login with their AD-account on the computer. firstname.lastname@domain.local   The VPN-accounts are registered to their mail-address. firstname.lastname@domain.com   We are mapping the drives with GPO, so when they start their computers at home there is a red cross over the drives. Then they connect with VPN and try to open the drive and gets an error. Microsoft Windows Network: The local device name is already in use   I have found that if I change their username for VPN to the same they have in the domain then it works. But that name isn't mail enabled because we use domain.local as name.   Is there anyway to solve this without having to change my UPN in my domain? ... View more