Catchy title I know.
So I have had a vendor try to get a Meraki MX installed for our VPN endpoint with some Meraki support and my project is not completed yet. I pretty much got ghosted, and I have used them many times in the past.
Anyways, I am banging around settings from the 90% install point we are at.
Meraki MX is going to be a VPN concentrator in a one-armed install so we can use Duo for MFA/2FA auth.
The SSL VPN connection worked without any tweaks after we got the Meraki installed.
The L2TP VPN, however, never established a connection. When I talked to Meraki support, they did some pcaps and saw the traffic and the VPN start to form and then barf on itself, I guess.
(Just if somebody cares: to test the IPsec and the Meraki itself, we reset the HW, used my backup ISP, and L2TP worked fine using the Meraki anywhere login.)
SNAT:
I figure this was because the Meraki website was not showing (and so the Meraki was not using) the public IP I set it up for. SNAT rules to get traffic out the right public IP address. Tried the advanced rule "applies to IPsec" on and off. Same results.
DNAT:
All traffic from the public IP going to the internal network Meraki MX, with auto packet filter rules and log initial packets.
Windows L2TP client - spins and thinks and does not connect. Getting error RasClient 809. A Meraki post says to add some settings to the registry because of NAT, and bingo, it works. [https://community.meraki.com/t5/Security-SD-WAN/VPN-Error-809/m-p/170442]
Now I am trying to fix NAT (no NAT, 1:1 NAT) so I don't need to edit the registry settings on every Windows computer that will VPN.
I have never played with "No NAT" or 1:1 NAT, so my settings are likely wrong.
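The Error 809 registry workaround mentioned above is the Windows client-side IPsec NAT-T setting; as an added example (not from the original post or from Meraki), here is a PowerShell audit that reports which value each client has and can apply the usual workaround. It assumes an elevated PowerShell session on the VPN client; the key path and value name are the documented Windows setting, which the post itself does not name.

```powershell
# Added example, not from the original post. Audits (and optionally sets) the
# Windows client-side IPsec NAT-T assumption that the Error 809 workaround changes.
# Assumption: run elevated on the VPN client; key/value are the documented
# Windows PolicyAgent setting for L2TP/IPsec behind NAT.

$PolicyAgentKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$ValueName      = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-L2tpNatTraversalStatus {
    # Returns the current value and what it means for an L2TP/IPsec client behind NAT.
    $item  = Get-ItemProperty -Path $PolicyAgentKey -ErrorAction SilentlyContinue
    $value = $item.$ValueName
    if ($null -eq $value) { $value = 0 }   # a missing value behaves like 0 (default)
    $meaning = switch ($value) {
        0 { 'Default: no NAT-T assumed; L2TP/IPsec behind NAT fails with Error 809' }
        1 { 'Server behind NAT only' }
        2 { 'Client and/or server behind NAT (the usual workaround value)' }
        default { "Unexpected value $value" }
    }
    [pscustomobject]@{
        Value   = $value
        Meaning = $meaning
        Present = ($null -ne $item.$ValueName)
    }
}

function Set-L2tpNatTraversalWorkaround {
    # Writes the DWORD only if it differs from the requested value; a reboot
    # (or restart of the PolicyAgent and RasMan services) is needed to apply it.
    param([ValidateSet(0, 1, 2)][int]$Value = 2)
    $current = (Get-L2tpNatTraversalStatus).Value
    if ($current -eq $Value) {
        Write-Host "Already set to $Value; nothing to do."
        return
    }
    New-ItemProperty -Path $PolicyAgentKey -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null
    Write-Host "Set $ValueName to $Value (was $current)."
    Write-Warning 'Reboot (or restart PolicyAgent and RasMan) before retesting the L2TP connection.'
}

# Audit only by default; uncomment the last line to apply the workaround.
Get-L2tpNatTraversalStatus | Format-List
# Set-L2tpNatTraversalWorkaround -Value 2
```

The audit function is what to run across clients when deciding whether the firewall-side NAT fix has removed the need for the per-machine registry change: once L2TP works with the value absent or 0, the workaround is no longer required.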