technet_account1
Guest
Hey all,
I have been trying to configure the Windows firewall to allow a client VPN connection (Windows 8.1/10) to our Meraki MX100 but to no avail. I keep on getting the following error message:
Error 791: The L2TP connection attempt failed because security policy for the connection was not found
I have the firewall set up via GPO to allow all outbound connections and restrict inbound connections (except for the inbound allow rules I have set up of course).
I have tried the following:
- Added an inbound rule to allow UDP ports 50, 500, 1701, and 4500.
- Added an inbound rule to allow TCP port 1723.
- Added the following registry value (on the client machine)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
AssumeUDPEncapsulationContextOnSendRule = 2
- Enabled firewall logging and checked the pfirewall.log file... it is not blocking anything (except dropping some random outbound DNS queries on UDP port 53, which is strange considering all outbound traffic is allowed).
- Looked at the RasClient entries in Event Viewer... it gives no more specific info. Just shows an Event ID of 20227 saying the connection failed due to error 791.
- Searched the Internet for error 791. There isn't much info available on this specific error. Anything that I have found is 10+ years old or deals with setting up NAT traversal on a VPN server.
- Looked at the VPN logs on the Meraki... it doesn't even show the connection attempt.
- Attempted to adjust the IPsec Settings, but I honestly don't know enough about how I need to set these to tell if this is the issue.
I know that the VPN connection is set up correctly and that some aspect of the Windows firewall is causing the issue because if I disable the Windows firewall on the client, the VPN connection fires right up.
What am I missing? What "security policy" is this error talking about?
Any help would be appreciated.
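As an added example (not part of the original post), the following PowerShell audit checks whether the client's Windows firewall has enabled inbound allow rules for each of the L2TP/IPsec components the post lists, and reads back the NAT-T registry value. Rule display names are assumptions; note that ESP is IP protocol 50 and has no UDP port, so its rule is matched on protocol alone.

```powershell
# Added example, not from the original post: audit Windows firewall and registry
# settings relevant to an L2TP/IPsec client behind NAT. Run in elevated PowerShell.
#Requires -RunAsAdministrator

$checks = @(
    # IKE and IPsec NAT-T are UDP; L2TP (UDP 1701) normally rides inside the tunnel.
    @{ Name = 'L2TP/IPsec - IKE (UDP 500)';     Protocol = 'UDP'; LocalPort = 500  },
    @{ Name = 'L2TP/IPsec - NAT-T (UDP 4500)';  Protocol = 'UDP'; LocalPort = 4500 },
    @{ Name = 'L2TP/IPsec - L2TP (UDP 1701)';   Protocol = 'UDP'; LocalPort = 1701 },
    # ESP is IP protocol 50, not a UDP port, so it is matched without a LocalPort.
    @{ Name = 'L2TP/IPsec - ESP (IP proto 50)'; Protocol = 50;    LocalPort = $null }
)

foreach ($c in $checks) {
    # Enabled inbound allow rules whose port filter matches the protocol (and port).
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            ($pf.Protocol -eq "$($c.Protocol)") -and
            ($null -eq $c.LocalPort -or
             $pf.LocalPort -eq "$($c.LocalPort)" -or $pf.LocalPort -eq 'Any')
        }
    if ($rules) {
        Write-Host ("OK      {0}: {1} rule(s)" -f $c.Name, @($rules).Count)
    } else {
        Write-Host ("MISSING {0}" -f $c.Name)
        # To create the missing rule (assumption: all profiles), uncomment:
        # $p = @{ DisplayName = $c.Name; Direction = 'Inbound'; Action = 'Allow'; Protocol = $c.Protocol }
        # if ($c.LocalPort) { $p.LocalPort = $c.LocalPort }
        # New-NetFirewallRule @p
    }
}

# NAT-T registry value from the post: 2 allows both client and server to sit behind NAT.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$item = Get-ItemProperty -Path $key -Name AssumeUDPEncapsulationContextOnSendRule -ErrorAction SilentlyContinue
if ($null -ne $item) {
    Write-Host ("AssumeUDPEncapsulationContextOnSendRule = {0}" -f $item.AssumeUDPEncapsulationContextOnSendRule)
} else {
    Write-Host 'AssumeUDPEncapsulationContextOnSendRule is not set'
}
```

A reboot is required after changing the PolicyAgent value before the IPsec service picks it up.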