Tuesday, December 19, 2017

Meraki firewall on residential Comcast cable modem - does dynamic DNS updates work for you?

I have a Meraki MX64 firewall on a Comcast residential cable modem. A few months ago I had client VPN working with no problems. I used the dynamic DNS service Meraki provided, set up L2TP VPN through the Mac OS X built-in client, no problem. Recently I upgraded my modem to DOCSIS 3.1 to take advantage of the 12 downstream channels that are now available in my area. Since then I have not been able to connect my MacBook (High Sierra) to my Meraki VPN firewall. From the logs it appears phase 1 happens with no problem, but when we move on to phase 2 we don't get a response. I've tried configuring and reconfiguring my client and firewall multiple times. The dynamic DNS for the firewall no longer responds to ping and comes back with "no known host". Cisco did reply in response to that, and it was quite interesting. But using the WAN IP of the firewall does not resolve the issue either. Here is Cisco's response:

"After looking at your device, it appears that this issue is being caused by Comcast redirecting the http request that we make to determine public IP address of the MX for dynamic DNS purposes. In order to resolve this, you need to contact Comcast and find out why they are redirecting your http traffic. You should also be able to get more information by accessing an http (not https) website from a client using that internet connection, so you can see the redirect page."

So right now I am just curious if anyone else has a Meraki firewall on a residential Comcast cable modem and if the service is working?
Here is the log file from the firewall for the failed VPN connection:

Dec 19 18:31:03 Non-Meraki / Client VPN negotiation msg: failed to begin ipsec sa negotiation.

Dec 19 18:31:03 Non-Meraki / Client VPN negotiation msg: no configuration found for 6.1.0.0.

Dec 19 18:31:02 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 71.233.0.189[4500]->6.1.0.0[4500] spi=39098493(0x254987d)

Dec 19 18:31:02 Non-Meraki / Client VPN negotiation msg: IPsec-SA established: ESP/Transport 71.233.0.189[4500]->6.1.0.0[4500] spi=99050664(0x5e764a8)

Dec 19 18:31:01 Non-Meraki / Client VPN negotiation msg: ISAKMP-SA established 71.233.0.189[4500]-6.1.0.0[4500] spi:70f9223a4216f1b8:a614b6c2d51c4277

Dec 19 18:30:36 Non-Meraki / Client VPN negotiation msg: failed to begin ipsec sa negotiation.

Dec 19 18:30:36 Non-Meraki / Client VPN negotiation msg: no configuration found for 6.1.0.0.
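The check Cisco suggests above (fetch a plain-HTTP page from behind the modem and see whether the ISP answers with a redirect instead of the real page) can be scripted. The following is an added example, not code from the original post or from Meraki: it issues a GET with redirects disabled and classifies the reply, and it also parses raw HTTP responses so the classification logic can be exercised offline. The hostname `portal.example.net`, the address `203.0.113.5` and the two sample responses are constructed for illustration.

```python
"""Detect transparent HTTP interception (ISP or captive-portal redirect).

A dynamic-DNS client that discovers its public IP over plain HTTP will be
fed the wrong answer if the ISP redirects port-80 traffic.  This script
fetches a URL without following redirects and reports what came back.
"""
import http.client
from urllib.parse import urlparse


def classify_response(status, headers, body, expected_fragment=None):
    """Return (verdict, location) where verdict is 'redirect',
    'unexpected-body' or 'ok'.  headers has lower-case keys;
    expected_fragment is bytes the genuine page must contain."""
    if 300 <= status < 400:
        return "redirect", headers.get("location", "")
    if expected_fragment is not None and expected_fragment not in body:
        return "unexpected-body", ""
    return "ok", ""


def parse_raw_response(raw):
    """Parse a raw HTTP/1.x response (bytes) into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])           # e.g. b"302" -> 302
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")  # split on the first colon only
        headers[name.strip().decode().lower()] = value.strip().decode()
    return status, headers, body


def check_http_interception(url, expected_fragment=None, timeout=10):
    """Live check: GET url on port 80 with redirects disabled and classify."""
    parts = urlparse(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    conn.request("GET", parts.path or "/", headers={"Host": parts.hostname})
    resp = conn.getresponse()                   # http.client never follows 3xx
    headers = {k.lower(): v for k, v in resp.getheaders()}
    body = resp.read()
    conn.close()
    return classify_response(resp.status, headers, body, expected_fragment)


# Constructed samples: an intercepted reply and a genuine IP-echo reply.
SAMPLE_REDIRECT = (b"HTTP/1.1 302 Found\r\nLocation: http://portal.example.net/notice\r\n"
                   b"Content-Length: 0\r\n\r\n")
SAMPLE_DIRECT = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n203.0.113.5\n"

if __name__ == "__main__":
    for raw in (SAMPLE_REDIRECT, SAMPLE_DIRECT):
        print(classify_response(*parse_raw_response(raw), expected_fragment=b"203.0.113.5"))
```

Run `check_http_interception("http://<any plain-http site>/")` from a client behind the cable modem; a `redirect` verdict with a Comcast `Location` header is the redirect page Cisco refers to.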



1 comment:

  1. I have Comcast and also have the same issue, extremely frustrating. I used to use it often... Did you have any luck working with Comcast?