MX is Not Receiving the Client VPN Connection Attempt
This article provides potential causes as to why the MX is not receiving the Client VPN connection attempt and how to troubleshoot them with packet captures.
The MX is not receiving connection attempts from the client device.
General Troubleshooting
Review the event log and confirm that the connection attempt is not reaching the MX.
- In the Meraki Dashboard, navigate to Network-wide > Event log
- Select for security devices from the drop-down menu at the top of the page
- In the Event type include field, enter All Client VPN and click Search
- Review the results for Client VPN Negotiation events from the public IP address of the client
If the connection attempt is not reaching the MX:
- Confirm that UDP ports 500 and 4500 are not blocked on the client network
- It might be necessary to check the access control and firewall settings upstream of the client
- Verify that UDP ports 500 and 4500 are not blocked upstream of the MX
- Test connectivity between the public IP of the client and WAN IP of the MX with a ping to validate that the peers can communicate over the internet
Using Packet Capture
A packet capture can confirm that the connection attempt is not reaching the MX. See Troubleshooting Client VPN with Packet Captures for more information.
- Start the packet capture on both the MX WAN and Client VPN interfaces before an attempt is made to connect to Client VPN
- On the MX WAN capture, filter for the requesting client’s public IP address
- Review the results for any traffic reaching the MX WAN
If no packets are reaching the MX:
- Confirm that UDP ports 500 and 4500 are not blocked on the client network
- It might be necessary to check the access control and firewall settings upstream of the client
- Verify that UDP ports 500 and 4500 are not blocked upstream of the MX
- Test connectivity between the public IP of the client and WAN IP of the MX with a ping to validate that the peers can communicate over the internet
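The review step above can also be done offline on a saved capture. The following is an added example, not part of the original article or any Meraki tooling: it scans a capture for UDP 500/4500 packets sent by the client's public IP. It assumes the MX WAN capture was saved as a classic .pcap file with Ethernet framing; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

IKE_PORTS = {500, 4500}  # the two UDP ports the article says must not be blocked

def ike_packets_from(pcap_bytes, client_ip):
    """List (src_port, dst_ip, dst_port) for UDP 500/4500 packets sent by client_ip."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    hits, off = [], 24  # packet records start after the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Only untagged Ethernet II carrying IPv4 is examined in this example
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17 or len(ip) < ihl + 8:  # 17 = UDP
            continue
        if socket.inet_ntoa(ip[12:16]) != client_ip:
            continue
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if dport in IKE_PORTS:
            hits.append((sport, socket.inet_ntoa(ip[16:20]), dport))
    return hits

def make_frame(src, dst, sport, dport):
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    # Constructed capture using documentation address ranges, not real traffic
    frames = [make_frame("198.51.100.7", "203.0.113.10", 500, 500),
              make_frame("198.51.100.7", "203.0.113.10", 4500, 4500),
              make_frame("192.0.2.99", "203.0.113.10", 53000, 443)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

An empty list for the client's public IP corresponds to the "no packets are reaching the MX" case, and the upstream checks above apply.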