Question
Thursday, October 10, 2019 3:49 PM
Hey all,
I have been trying to configure the Windows firewall to allow a client VPN connection (Windows 8.1/10) to our Meraki MX100 but to no avail. I keep on getting the following error message:
Error 791: The L2TP connection attempt failed because security policy for the connection was not found
I have the firewall set up via GPO to allow all outbound connections and restrict inbound connections (except for the inbound allow rules I have set up of course).
I have tried the following:
Added an inbound rule to allow UDP ports 50, 500, 1701, and 4500.
Added an inbound rule to allow TCP port 1723.
Added the following registry value (on the client machine)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
AssumeUDPEncapsulationContextOnSendRule = 2
Enabled firewall logging and checked the pfirewall.log file... it is not blocking anything (except dropping some random outbound DNS queries on UDP port 53, which is strange considering all outbound traffic is allowed).
Looked at the RasClient entries in Event Viewer... it gives no more specific info. Just shows an Event ID of 20227 saying the connection failed due to error 791.
Searched the Internet for error 791. There isn't much info available on this specific error. Anything that I have found is 10+ years old or deals with setting up NAT traversal on a VPN server.
Looked at the VPN logs on the Meraki... it doesn't even show the connection attempt.
Attempted to adjust the IPsec Settings, but I honestly don't know enough about how I need to set these to tell if this is the issue.
I know that the VPN connection is set up correctly and that some aspect of the Windows firewall is causing the issue because if I disable the Windows firewall on the client, the VPN connection fires right up.
What am I missing? What "security policy" is this error talking about?
Any help would be appreciated.
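The client-side setup described in the question, as an added example that is not part of the original post or its reply: a PowerShell script that creates the Windows Firewall rules an L2TP/IPsec client needs (IKE on UDP 500, NAT-T on UDP 4500, L2TP on UDP 1701, and ESP, which is IP protocol 50 rather than a UDP port), writes the AssumeUDPEncapsulationContextOnSendRule value from the post, and then lists the two services the IPsec negotiation depends on together with the effective per-profile firewall settings. The rule display names are my own choice, and the script assumes it is run elevated on the client; if the GPO-applied policy does not merge local rules, the same rules must be added to the GPO instead.

```powershell
#Requires -RunAsAdministrator
# Added example: L2TP/IPsec client firewall rules, NAT-T registry value, and a
# quick check of the services and profiles involved. Not code from the original post.

# Ports used by the IPsec/L2TP negotiation (constructed list; names are assumptions).
$udpRules = @(
    @{ Name = 'L2TP-IPsec IKE (UDP 500)';   Port = 500  },
    @{ Name = 'L2TP-IPsec NAT-T (UDP 4500)'; Port = 4500 },
    @{ Name = 'L2TP-IPsec L2TP (UDP 1701)';  Port = 1701 }
)

foreach ($rule in $udpRules) {
    foreach ($direction in 'Inbound', 'Outbound') {
        $displayName = "$($rule.Name) $direction"
        if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) { continue }

        $params = @{
            DisplayName = $displayName
            Direction   = $direction
            Protocol    = 'UDP'
            Action      = 'Allow'
            Profile     = 'Any'
        }
        # Inbound traffic arrives on our local port; outbound traffic targets the
        # server's port, so the port goes on the matching side of the rule.
        if ($direction -eq 'Inbound') { $params.LocalPort = $rule.Port } else { $params.RemotePort = $rule.Port }
        New-NetFirewallRule @params | Out-Null
    }
}

# ESP is IP protocol 50, not a UDP port, so it gets a protocol-only rule.
foreach ($direction in 'Inbound', 'Outbound') {
    $displayName = "L2TP-IPsec ESP (IP protocol 50) $direction"
    if (-not (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $displayName -Direction $direction -Protocol 50 `
            -Action Allow -Profile Any | Out-Null
    }
}

# Registry value from the post: lets the client use UDP encapsulation when it or
# the server sits behind NAT. A reboot is needed before it takes effect.
$policyAgentKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $policyAgentKey -Name 'AssumeUDPEncapsulationContextOnSendRule' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# IKEEXT negotiates the IPsec security association and PolicyAgent applies IPsec
# policy; if either is stopped or disabled, no security policy can be found for
# the connection.
Get-Service -Name IKEEXT, PolicyAgent | Select-Object Name, Status, StartType

# Confirm the rules exist and see whether local rules are merged with GPO policy
# (AllowLocalFirewallRules = False means the rules above are ignored).
Get-NetFirewallRule -DisplayName 'L2TP-IPsec*' | Select-Object DisplayName, Direction, Enabled, Action
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, AllowLocalFirewallRules
```

The last two commands are the useful diagnostic when the connection works only with the firewall disabled: a rule that exists but is ignored because the GPO sets AllowLocalFirewallRules to False behaves exactly like a missing rule, and the pfirewall.log will not show a drop for traffic the IPsec driver never got to send.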
All replies (1)
Friday, October 11, 2019 8:43 AM
Hi,
You can try the below methods:
1. Restore the firewall to the default state, then configure rules one by one to check.
2. Use Network Monitor to capture the VPN traffic.
BTW, Message Analyzer (http://blogs.technet.com/MessageAnalyzer), the eventual replacement for Network Monitor, can also capture tunnel traffic, but instead it uses a firewall driver to capture the data. Perhaps this is another option for you.
Best regards,
Charlotte Tang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].