Pfense won't allow Meraki Access Point VPN thru to main offce

jamo

So my company (company A) see patients at (company B) and needs our network to do so.  We have been using Meraki MR32 access points for some time at company B and use the Teleworker VPN to get back to our network.  Meraki access point VPN contacts the meraki cloud, then directs the AP to our internal VM VPN concentrator.  There is no VPN client in this setup.  any client that can get on the SSID has access back to our network.  This all had been working fine when company B was using an ASA.  They have recently changed ip scopes and switched to a pfense firewall.  After the change my Meraki APs are manageable via the meraki dashboard but they will not connect back to my VPN concentrator.  I have several other home workers who still work just fine on the same setup.

I worked with company B to allow all TCP/UDP from my AP internal IP and still have no VPN connection back.  These meraki APs work where ever you take them if they are set up for VPN.  There is NO configuration on the source side needed typically.  I'm looking for any assistance or ideas in regards to pfense config to allow this VPN tunnel to connect.

jamo

Here are a couple meraki resources if they shed any light.

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_Automatic_NAT_Traversal_for_Meraki_Auto-VPN

https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Troubleshooting_VPN_Registration_for_Meraki_Auto-VPN

would pfense need anything on outside to inside established rule?

KOM

Can I assume you've already checked the firewall log on WAN for blocked packets?

jamo

I will say that I worked with company B yesterday while I was troubleshooting and yes we looked at the logs.  It seemed to us that there was really nothing showing in the log once we filtered by the Meraki internal IP.

KOM

OK.  Anything that reaches out of your network first typically does not require any NAT rules.  Unsolicited inbound traffic needs NAT + rules to work.  Perhaps a packet capture on WAN and analysis in Wireshark is next.

Indie_Beef

I have a fresh pfSense firewall with no plugins, all defaults.  I have a Meraki Z1 that was working behind a OpenWRT router.  pfSense was working with an Aruba access point.  My Z1 does not work on my base PFSense install.  It connects to the Meraki cloud however the VPN tunnel is never established.

Sorry to hijack your thread.  This seems similar to your problem.  Did you come you with a a solution?