Not true, vpn works even while connecting from the same network.

@@praveendsouze It's 100% true... You cannot use the Meraki VPN client connection (L2PT) from inside of the MX network at all. It would create a Layer 3 loopback and rip a hole in time. However if not using Meraki VPN client and a separate PPTP VPN with RRAS can be accessed and configured behind the MX but that is not what we are talking about here. 😀😀

@@DAHCKRAM yes I was wrong, we r using MX250 at main office which is connected to MX100's and other MX65's at sites which are connected through AutoVPN, but still users can use VPN (L2TP) to connect to Main Office. As u said it might be cos main office is In different subnet.

Well, it looks like I do not have to comment here. Glad to see you sorting this out :).

Hello! The client VPN is not to access the dashboard or the device config ( is not for telnet or SSH on any sort). This feature is to access the local resources under the MX/Z and act as a regular under the local LAN of the network. You can find more information about the feature in the link below. documentation.meraki.com/MX/Client_VPN/Client_VPN_Overview

Hello security esc. I covered the most common troubleshooting scenarios with ClientVPN in the TSHOOT section of the channel. Feel free to check the ClientVPN troubleshooting video. kzbin.info/www/bejne/p6akgqaio7aib7M

Good that you can configure the Client VPN correctly! In order to help you to reach resources under the MX/Z1/3, you need to ensure your devices under the Meraki device can respond to the new subnet you created. Most of the times this issue happens because the firewall of the resources under the Meraki device blocks the traffic to unknown subnets ( in this case, the new VPN subnet). If you allow all the traffic including the Client VPN subnet and still does not work, try taking packet captures in the LAN interface of the MX while you are doing a continuous ping from the client VPN to the internal device. You should see the ping going out from the LAN interface of the MX to the internal resource in the LAN. If you do not see a response, you should check something downstream. I hope that helps you in your issue, if you need any additional guidance, let me know.

Hello @Omer, It depends. If you have a private IP address from your ISP and you can configure Port Forwarding in the ISP router in order to forward traffic destined to the public IP address to the private IP address MX downstream, yes. If the ISP router is not able to use Port Forwarding, all the traffic destined to the public IP address will be blocked and not sent to the MX.

You should access to the local resources as if you are in the LAN of the MX. If you cannot access to the local resources, I would recommend you to check the firewall rules in the MX and the local resource and server to ensure they allow traffic form the client VPN subnet. Additionally, you can take pcap in the MX to ensure the traffic is leaving the MX and reaching your internal resource. With that, you can discard any problem with Client VPN or firewall configuration.

If you would like to know how to configure your Windows 10 to use client VPN with the MX, you can follow the guidelines in the Meraki documentation below: documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10 You do not need licenses for end devices, the only license you need is for the MX in the dashboard. You can have as many client VPN connections as your MX supports

Hello Amir, No, you can use Cisco Anyconnect as well.

Hello Kailash, If you are using Meraki authentication, you cannot. You can try using another authentication method for more control.

Also the LCP and PAP are enable.

Hi Afonso, Did you ever fix this? I have been getting the issue and everything is done as suggested?

@@TheAnaden Hi, yes! I fix it. What is you scenario? The connection do you have is a ISP connected to MX? Or the link from the ISP to the MX? Did check all steps on mx vpn client documentation?

@@eljardas Yes I have ISP connected to MX. So the MX is connected to the isp router.Yes I did check all the steps on mx VPN client documentation but still can't work it out.

@@TheAnaden ok, good. Check the configuration on the ISP router. Check if you have the mx up on the dmz. If you have any port can work at bridge mode use it. Let me know if this information help you

Hello Tony, Yes, the MX is capable of using ClientVPN in Passthrough Mode. You can see more information int he link below. documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Appliance_and_Z-series_Teleworker_Gateway

It is as reliable as any other Encrypted client VPN tunnel I would say.

Good catch! Yes, the IP you should get in the client should be part of the subnet configured in the ClientVPN section. In the video, I was actually using another VPN connection I had in my lab. Since the other VPN connection has another subnet, you can see the difference there.

@@TheITWay hi, sorry if i am asking alot questions and it maybe silly at times. since i am beginner.i just have a question like what best features would you recommend if i am your business client ?