cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1324
Views
1
Helpful
6
Replies

3rd Party VPN access through Meraki

bgoldberg
Level 1
Level 1

Hi. 

 

I work at a public library and I want people who use our access points be able to connect to their work VPN's just like they would if they were at a coffee shop or at home.  But so far, nobody can.  That includes library staff who connect to our city's VPN with Global Protect. Global Protect works fine for us at home and at most places except here at the library. 

 

We have a Meraki system including MR42 access points, an MS255 switch and an MX64 security appliance.  There are actually three of these systems, one for each of our buildings.  I have a laptop which I whitelisted for troubleshooting with no luck.  Global protect connects and doesn't report any errors, but we cannot access our network drives. 

I've checked all the settings with help from the Meraki hotline and found nothing that should be blocking this.  Any ideas would be appreciated.

Ben

 

-- Update:  It seems to be something to do with the access points.  I just wired my laptop in to the switch and was able to see my drive

 

 

6 Replies 6

I´d would suspect about the MX64 security appliance.  When you say you used the laptop, you still goes through the MX64 security appliance? Or you take a different path?

  Some security device needs to be prepared to accept ipsec through .

 

https://documentation.meraki.com/MX/Other_Topics/Using_VPN_through_an_MX_Security_Appliance 

 

Hi Flavio,

Yes, when I plug my laptop into the switch it's: laptop - ms255 - mx64 - street.  Otherwise, it's laptop ~ mr42 - ms255 - mx64 - street.  I can get Global Protect to work by using a cable to bypass the mr42, but I cannot get Global Protect to work using wifi through the mr42

One more question.

When you say "Global protect connects and doesn't report any errors, but we cannot access our network drives. "

Wondering, then you are able to communicate with this Global Protection service? I mean, you stablish a remote connection with something on the internet?

 I am just trying to figure out the problem cause first it seems when you are on the wifi network you are not able to stablish vpn connection but the sentence above seems to say that you are actually stablishing the connection but with limited access.

 

I mean the Global Protect client doesn't report any errors, and everything seems normal until I try to access the city's network drives. When I do try, I get a Windows error about the drive not being found ("check your spelling and try again" or something like that)

-- adding this because I re-read my answer and think maybe I'm just repeating myself.  I'll have to get back to the building to do more troubleshooting.  I'll try get more info about the connection when I do.  Right now, all I can say is we connect wirelessly just like anyone would, then we start the Global Protect client.  If we do this outside the building (at home or a coffee shop etc..) we can access our networked drives.  If we do this in the building, we cannot 

The problem is fixed by changing NAT mode to Bridge mode in the wireless settings.  At least it's fixed for our staff.  I'll have to wait for a customer to try to use their own VPN to make sure it works for our customers.  I'm not sure what the downside of changing the setting is

I have exactly the same issue with Client -> MR44 -> MX75 -> Bell/Aliant network. I've created one SSID and set the Access control to Bridged.. Will report if this worked.. It is specifically a problem with clients inside our Meraki corporate network trying to connect to a an external Health Provider service elsewhere in our town using GlobalConnect VPN. Thanks for taking the time to document your fix!  Same identical issue.. works wired, not wireless.

Review Cisco Networking for a $25 gift card